Electronics
  • Article
  • Open Access

12 September 2022

A Survey on Moving Target Defense for Networks: A Practical View

1 Independent Researcher, 80-126 Gdansk, Poland
2 Intel Corporation, 80-298 Gdansk, Poland
3 Faculty of Electronics and Information Technology, Warsaw University of Technology, 00-661 Warsaw, Poland
* Author to whom correspondence should be addressed.
This article belongs to the Special Issue Cybersecurity and Data Science, Volume II

Abstract

The static nature of many currently used network systems has multiple practical benefits, including cost optimization and ease of deployment, but it makes them vulnerable to attackers who can observe from the shadows to gain insight before launching a devastating attack against the infrastructure. Moving target defense (MTD) is one of the emerging areas that promises to protect against this kind of attack by continuously shifting system parameters and changing the attack surface of protected systems. The emergence of network functions virtualization (NFV) and software-defined networking (SDN) technology allows for the implementation of very sophisticated MTD techniques. Furthermore, the introduction of such solutions as field-programmable gate array (FPGA) programmable acceleration cards makes it possible to take the MTD concept to the next level. Applying hardware acceleration to existing concepts or developing new, dedicated methods will offer more robust, efficient, and secure solutions. However, to the best of the authors’ knowledge, there are still no major implementations of MTD schemes inside large-scale networks. This survey aims to understand why, by analyzing research in the field of MTD to show current pitfalls and possible improvements that need to be addressed in future proposals to make MTD a viable solution to current cybersecurity threats in real-life scenarios.

1. Introduction

1.1. Motivations behind Moving Target Defense

Many currently used network systems are static. They are designed, built, and configured once to remain unchanged for a long time [1]. This approach is reasonable from a functional requirements perspective: if use cases are well defined, then network architecture and topology are designed to meet those requirements and optimize cost. On the other hand, the static nature of modern networks gives an unfair advantage to potential attackers, who can observe the network for a long time to collect data on end-points or traffic patterns that remain unnoticed. Their first goal is to find security vulnerabilities and then use them to perform the attack at a convenient moment. Because of the static nature of existing networks, data collected this way might remain valid for long periods of time. A blog post [2] presents data from various cybersecurity reports. Reports from 98 data breach statistics were compiled into one post in [3], covering types of breaches, industry-specific stats, risks, costs, defense, and prevention resources. Sources report this situation as a significant threat to the security of modern networks [4].
The static nature of many network systems is only made worse by the fact that many of the prevailing cybersecurity defense mechanisms are reactive by design. Examples of such an approach are applying a security software patch that fixes a zero-day in an operating system, or an antivirus system updating its threat database after new malware has been detected. Shortcomings of this reactive attitude are relatively easy to spot. Before a patch for a zero-day vulnerability can be applied, the issue first has to be recognized and fixed by the company responsible for the software. The process of finding such a security flaw is not necessarily trivial. Companies can rely on their internal security teams or external security researchers who often expect monetary compensation for their discoveries. However, there are other companies that specialize in buying zero-day vulnerabilities, like the Zerodium bug bounty platform [5], which later resells them to interested parties such as governments. An in-depth discussion of this kind of market can be found in [6]. Similarly, a system can only be protected against malware that is known and has been fingerprinted previously. Before that happens, the malicious software can achieve truly devastating results. NotPetya, described as the most devastating cyberattack in history [7], is an example of such a powerful attack. All of this shows how much of an asymmetric game the defenders play with the attackers. After getting a foothold inside compromised systems via a zero-day vulnerability, the attackers can then spend weeks or months slowly accumulating information about the network, its topology, main data servers, etc. Such data can then be used to identify the most valuable targets and potentially exfiltrate data.
In 2011, Lockheed Martin Corporation proposed the Intrusion Kill Chain Model (Figure 1), which distinguishes particular phases of the attack [8]. The model assumes that every malicious campaign begins at the reconnaissance stage. Later stages are payload delivery and installation, which lead to privilege escalation via found vulnerabilities and lateral movement inside the target network. Finally, when ready, the attacker performs action on a target and exfiltrates. This is an example of the so-called linear kill chain. More discussion of intrusion kill chains and their types can be found in [4]. Effective defense at early points would not allow the attacker to cause any damage (no material, financial, data, or reputation loss) even if potential zero-day exploits for the target system are available [9].
Figure 1. Intrusion Kill Chain Model proposed by Lockheed Martin Corporation [8].
These arguments motivate security researchers to work on solutions that make systems resistant to reconnaissance. One solution to this problem has been introduced in [10], a result of the USA Federal Networking and Information Technology Research and Development program working to find novel ways to avoid some of the most pressing cybersecurity problems. It proposed a radical shift in thinking about computer networks, called moving target defense (MTD). Its main idea is that an attack can work at most a single time, if at all. To achieve this goal, the authors proposed to constantly reconfigure the system, such that the same attack vector cannot be reused in the future. MTD is a technique that dynamically shifts the attack surface to increase complexity and cost for attackers, limits the exposure of vulnerabilities and opportunities for attack, and increases system resiliency [11,12,13,14,15,16,17]. High hopes are associated with this technology, as reflected in the numerous research and development grants funded by government institutions and the private sector [18]. This goal can be achieved in many ways, but MTD still has no clear direction that would soon become the industrial standard.
The core idea behind MTD had been around for many years prior to [10]. Perhaps the best known example is address space layout randomization (ASLR) [19]. This technique is based on thwarting attackers by randomizing the process memory space layout. In doing so, it effectively renders some attacks ineffective by making them unreliable. Conceptually, it represents the same idea as the MTD works published later: prevent the attack, instead of dealing with it when it happens, by introducing unpredictability into the system. Although this example proves that the idea behind MTD is correct in general, and despite the huge number of published works on the topic in recent years, to the best of the authors’ knowledge there have not been any significant commercial implementations of MTD techniques in existing networks. The main reasons for this are the lack of generally accepted, industry-wide standards, the lack of metrics to assess the effectiveness of individual MTD solutions, and the lack of systematic research that would show the cost of MTD implementation in real systems, like efficiency per dollar spent.

1.2. Our Contribution

This paper presents a review of the current state of knowledge of MTD for network defense. We have surveyed state-of-the-art MTD techniques, focusing on how they work, what kind of attacks they protect against, whether they include threat models, if and how they were tested, as well as metrics used to evaluate the proposals. In contrast to already existing surveys in the field [18,20,21,22,23,24], we have used surveyed papers as a basis on which to discuss the current status of research in the MTD field in the context of real-life scenarios, such as applications to existing networks. This state-of-art review has been enriched with a discussion on the opportunities and benefits of adding potential MTD support in hardware, the need for a better understanding of security levels offered by MTD schemes, and improved metrics and testing scenarios.

1.3. Paper Structure

We first provide a background and introduce MTD-related terminology as well as types of attacks that MTD might protect against. Then we go deep into current trends in MTD literature, analyzing them by what, how, and when to move as well as used testbeds, proposed threat models, and metrics. Finally, we look into the application of MTD to existing networks and identify some research directions that need to be addressed in future works in the MTD area.

2. Materials and Methods

2.1. Methods

This review is focused on MTD for networks. For the research work, we have searched the following databases: IEEE, Springer, Association for Computing Machinery (ACM), and Science Direct. To identify relevant articles, the following query was used:
  • “moving target defense” and “network”.
We have decided that papers relating to the Internet of things (IoT), wireless and mobile networks, as well as vehicular use cases were outside the scope of this review, and as such they were ignored. We have further excluded papers, in which the proposed method was not explained extensively enough or not validated in any meaningful way. The remaining articles were then sorted by publication date, as we prioritized recent proposals.

2.2. Background

This section presents definitions and background for common key terms associated with MTD and the different existing taxonomies for the field. Furthermore, we introduce major types of attacks that MTD can protect against. Finally, we present two main technologies that allow for much easier MTD implementation.

2.2.1. Attack Surface

A system, from the security point of view, can be viewed as a set of vulnerable components. Some of them can be potentially accessed by an attacker, who may then try to exploit them. It is in the best interest of the defender to minimize the number of such vulnerable components in the system, which together form the so-called attack surface. This can be achieved by installing security patches, closing unused ports, or complying with best security practices. Early work on MTD theory [13] describes the attack surface simply as a resource available to an attacker, like a system port or software. The authors of [25], based on earlier works [26,27], describe the attack surface as a subset of resources in the system that can be used to potentially launch an attack. They further propose an attack surface metric as a method by which to determine which system is more secure, by measuring the likelihood of a system being attacked. A number of works have been presented about possible approaches to minimizing the attack surface of a system. Papers [28,29] propose a graph-based, algorithmic approach to manipulating the attacker’s perspective of the system. The authors achieve this by manipulating the responses to the attacker’s probes in such a way that the external system view, a notion formally introduced in the paper, is the maximum distance away from the internal view given some upper cost for the defender. The authors of [30] modeled interactions between attacker and defender as a stochastic game that allows one to determine the optimal way to shift the system’s attack surface.
Passive reconnaissance is the stealthy observation of the system for a specified period to detect a vulnerability (which is equivalent to attack surface detection). For a static system, the attacker’s knowledge of the system and its security vulnerabilities increases over time. Figure 2 compares this case with three different MTD strategies. When the system is reconfigured periodically in a finite space, the observer’s level of knowledge grows more slowly. After each reconfiguration, the attacker’s knowledge of the current status of the system drops, but eventually overall knowledge rises. Increasing the space for reconfiguration, combined with pseudo-random timing, hardens the system even more. From the security point of view, the ideal configuration uses asynchronous reconfiguration in an unlimited reconfiguration space. Unfortunately, due to technical limitations, this case is not feasible in practice.
Figure 2. Knowledge of system vulnerabilities vs. time of observation for static system and system with reconfiguration.

2.2.2. MTD Techniques Taxonomy

There has been a significant amount of novel MTD techniques presented in recent years. As such, it was necessary to create a taxonomy to categorize this work. The paper [31] proposed to classify each technique by coverage, unpredictability, and timeliness. Similarly, ref. [13] proposed that an MTD method should consider three main issues: which piece of the system to move, space of movement of said piece, and the time for the movement to occur. This was further expanded upon in [22]. The authors proposed three easy-to-memorise elements for each MTD technique based on the moving parameters—what, how, and when to move.
  • What to move refers to the choice of moving parameters in the system. Each of them can be dynamically changed within a domain of allowed values. Such changes lead to a change in the system’s attack surface, resulting in increased attack complexity. For this reason, each of the moving parameters must have a large enough parameter space to reduce the chance of being guessed by the attacker. Some examples of this category can be:
    - Network level
      * Internet Protocol (IP) address
      * Port
      * Network topology
      * Servers
    - Address space
    - Virtual machine (VM)
    - Operating system (OS)
    - Software version.
  • How to move specifies the means by which to choose a new value and use it to replace a previous parameter. It is meant to increase the unpredictability of the system and confuse the attacker. Such techniques can include the use of:
    - Randomness
    - Game-theoretic approach
    - Approach based on real-life observations.
  • When to move defines the optimal time to change the moving parameters. It is crucial to choose the right schedule for that operation: performing it too rarely results in not enough security, whereas doing it too often might result in the loss of system performance. Two approaches are distinguished:
    - Timer-based—a moving parameter is changed in fixed or varying time intervals
    - Event-based (reactive approach)—a change is done after a certain occurrence, such as after an intrusion-detection system (IDS) detects an intruder.
We have decided to use this taxonomy in this survey due to its simplicity and completeness.
A different approach was proposed in [32], in which the authors categorized methods to provide security to moving parameters in the MTD system into three types:
  • Shuffling rearranges system components in various layers, like IPs, address spaces, or network topology.
  • Diversity is about providing the same functionality by using different means. For example, different OS, compilers, or even programming languages.
  • Redundancy ensures the existence of multiple replicas of the same component, for example, redundant nodes or paths.
These three methods can be used in combination with each other to provide higher levels of security.
Yet another taxonomy was introduced in a technical report on MTD [33]. Along with its second edition, released five years later [18], it remains among the most comprehensive surveys on MTD up to the present date.
  • Dynamic Data are techniques that change the format or representation of data dynamically.
  • Dynamic Software are techniques that change the application’s code on the fly.
  • Dynamic Runtime Environment are techniques that change the application environment. This group can be further subdivided into address space and instruction set randomization.
  • Dynamic Platform are techniques that change the platform properties, like hardware components or OS version.
  • Dynamic Networks are techniques that change network characteristics of the system, like topology or protocols used.

2.2.3. Attacks

In this section, we present network threats that might be prevented by using MTD solutions.
  • Reconnaissance. Also called a scanning attack, reconnaissance is used by an attacker to obtain information about the target. This might include IP addresses, open ports, running services, OS version, and network topologies. Gathered data might then be used by the attacker to prepare before a real attack is launched, for example after discovering that the target runs an unpatched application with a known vulnerability. Reconnaissance attacks can be divided into two types—passive and active. During a passive attack, an attacker does not interact with the target, which might include using public resources. This type of information gathering is also called open source intelligence (OSINT); for a more detailed description, refer to [34]. As for active reconnaissance, the attacker is allowed to interact with the target, for example by directly scanning it. This might lead to gathering more data faster, but carries a significant risk of detection. There exists a huge number of dedicated tools to perform a target scan, some of the most popular examples of which are Nmap [35] for the network scan, Aircrack-ng [36] focused on WiFi network security, and Nessus [37] for vulnerability assessment. It is important to note here that these tools might be used not only with malicious intent, but can also be run by the defender to obtain important information needed to harden the network.
  • Denial of Service (DoS). DoS is a type of attack that disrupts the normal functions of a device. A variant of DoS attacks called distributed denial of service (DDoS) is often used to bring down networks or servers. It involves using a large number of hosts, often part of a botnet, all working together to bring the target network down. In networks, this might involve sending a large number of requests to a server, which overwhelms it and makes it unable to process them in real time. This so-called ‘flooding’ might involve ICMP or ACK packets. One type of DDoS attack is the crossfire attack, which targets only a few selected links in the network and masks itself very well, thus making it particularly hard to detect. More on that attack can be found in [38], and [39] talks about how various network topologies impact the detectability of crossfire attacks. Currently DDoS protection can be offered by vendors like Cloudflare [40] that provide solutions to detect the attack, then drop malicious traffic or reroute it, detect and block offending IPs, etc.
  • Zero-day. Sometimes also called 0-day, zero-day is a name for vulnerabilities before they are patched. In worst-case scenarios, it can take months or even years before they are even detected, allowing the attacker to exploit a system, which is otherwise considered secure, in an unbothered manner. Report [41] indicates a huge rise in the number of exploited zero-days in 2012 compared to previous years. They were mostly used by state actors, targeted to spy on huge companies, but financially motivated attacks are also on the rise. The article [42] attempts to assess the security impact of unknown vulnerabilities on computer systems.
  • Advanced persistent threat (APT) as described in [43] refers to an attack strategy by a bad actor with access to significant resources, both technical and financial, and high levels of expertise, allowing him to use multiple attack vectors to achieve his goal, which might be to extract information or to impede critical infrastructure or processes. Proposals for a multistage approach that such an attacker must use to fulfill its objectives were introduced in [44,45]. The first stage of an APT is always reconnaissance; the attacker wants to understand as much about the target as possible. This could consist of technical information-gathering techniques, like port or service scanning, as well as the use of social engineering on the company employees to obtain necessary information. When this is finished, the attacker then attempts to gain a foothold in the attacked system, which can be done by means of using malware or zero-day vulnerabilities, as well as spear-phishing and a watering-hole attack. More data on APT campaigns is presented in [46], along with the entry methods used. After gaining access to the system, the attacker begins to slowly spread throughout it, which can take a long time, if one is to avoid detection. Finally, the attacker attempts to exfiltrate the data or impede the system. MTD might be perfect to protect against this type of attack, as shown in [4]. Multiple MTD techniques can be applied at each step of APT. However, from the defender’s point of view, the best scenario would be to prevent the malicious actions early to stop the attacker from ever gaining entry into the system, for example by significantly increasing the complexity of the reconnaissance stage. In [47], the authors talk in detail about the targeted nature of APTs, their characteristics and the motives behind them.

2.2.4. Potential MTD Implementation Techniques

This section describes the existing technologies that can be utilized to greatly reduce the complexity for implementing some of the MTD techniques.
Network function virtualization (NFV) is a network architecture that uses virtualization to perform traditionally hardware-based network functions, such as switches, load balancers, or firewalls. The idea was first proposed in [48], co-authored by representatives of many network operators. NFV runs on VMs or containers on top of existing hardware, which can be instantiated on demand. Among the many benefits of this architecture, ref. [49] lists cost reduction of capital investments, reduced energy consumption by networking hardware, and decreased time to market for new services, as well as swift deployment of targeted solutions based on customer needs. The ETSI report [50] presents detailed user stories for NFV usage. More on NFVs can be found in surveys like [51], and [52] talks about the security aspects of that architecture. The NFV approach can be used as an effective technology for implementing MTD techniques, providing an abstraction layer for the host. This kind of solution results in the isolation of host software from network mechanisms, which makes migrations to the new architecture easier and cheaper to maintain.
Software-defined networking (SDN) [53] is a network paradigm that allows for dynamic and flexible network management. It decouples the control plane from the data plane, allowing for more efficient management. On the control plane resides one or more SDN controllers with direct control over the state of data plane elements. Consequently, all of the logical control power has been removed from those devices, which now only serve as simple forwarding devices, working according to rules programmed by controllers. The communication between control and data planes is done only by using interfaces, such as OpenFlow protocol [54]. Such separation allows one to achieve more flexibility and makes it easier to transform the network in the future. Some examples of SDN controllers are ONOS [55], OpenDaylight [56], NOX-MT [57], Beacon [58], and Ryu [59]. Due to their importance, SDN controllers are the potential point of failure that can bring down the entire network, and refs. [60,61,62] talk specifically about the problem of controller placement in SDN, whereas [63] provides a more general survey on fault management in SDN. Overall, there is a great amount of literature regarding SDN. Some examples of surveys discussing their architecture, applications and security are [64,65,66,67]. The isolated SDN control plane seems to be a natural candidate to consider in the context of dynamic network reconfiguration management mechanisms for MTD.
Overall, NFV and SDN seem like a good match for MTD architectures, providing dynamic network control and dynamic resource allocation, greatly reducing deployment cost and time by removing the need for deploying new network devices, and allowing for easier implementation of an MTD mechanism such as route or host mutation. One of the technologies that allows for the merging of NFV and SDN is Open vSwitch [68], a high-performance software switch used in virtualized environments. Articles [69,70] describe integrating NFV and SDN in more depth. An example of MTD architecture utilizing both SDN and NFV is found in [71]. The authors proposed a framework capable of network forensics that uses route mutation to defend ISP networks against DDoS attacks and reconnaissance. The proposed architecture utilizes virtualized shadow networks, each composed of multiple VMs and deployed across the real network. The SDN controller can flag incoming traffic as potentially malicious and choose one of three strategies for it. The first one is forwarding it on a random route across networks to a real host destination. The second one sends it to a shadow network, or to a virtualized shadow host. The last strategy sends the packet through both real and virtual networks, but it ends in a real destination host. Each of those strategies has a mutation probability, used to determine which of them will be applied, but that probability can be modified depending on past actions taken against given traffic. For the legitimate traffic, the first strategy is applied every time.
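The strategy selection described above for [71], as an added example that is not code from the surveyed paper. The topology, the node names, the equal starting probabilities, and the rule that each further flagged flow shifts probability from the real route toward the shadow network are assumptions made for illustration.

```python
import random
from enum import Enum


class Strategy(Enum):
    REAL_RANDOM_ROUTE = 1   # random route across the real network to the real host
    SHADOW = 2              # shadow network or virtualized shadow host
    REAL_AND_VIRTUAL = 3    # through real and virtual networks, ends at the real host


# Constructed topology (assumption): r* are real switches, s* are shadow VMs.
TOPOLOGY = {
    "ingress": ["r1", "r2", "s1"],
    "r1": ["r3", "host"],
    "r2": ["r3"],
    "r3": ["host"],
    "s1": ["s2", "r3"],
    "s2": ["shadow_host"],
    "host": [],
    "shadow_host": [],
}
SHADOW_NODES = {"s1", "s2", "shadow_host"}


def uses_shadow(path):
    return any(node in SHADOW_NODES for node in path)


def simple_paths(src, dst, path=()):
    """All loop-free paths from src to dst in TOPOLOGY."""
    path = path + (src,)
    if src == dst:
        return [list(path)]
    found = []
    for nxt in TOPOLOGY[src]:
        if nxt not in path:
            found.extend(simple_paths(nxt, dst, path))
    return found


def candidate_routes(strategy):
    """Routes that satisfy the given strategy."""
    if strategy is Strategy.SHADOW:
        return simple_paths("ingress", "shadow_host")
    to_host = simple_paths("ingress", "host")
    if strategy is Strategy.REAL_AND_VIRTUAL:
        return [p for p in to_host if uses_shadow(p)]
    return [p for p in to_host if not uses_shadow(p)]


class RouteMutationController:
    def __init__(self, rng=None, step=0.1):
        # An OS-backed RNG keeps the choice unpredictable; tests pass a seeded one.
        self.rng = rng if rng is not None else random.SystemRandom()
        self.step = step
        self.probs = {}  # source -> {Strategy: mutation probability}

    def _probs_for(self, src):
        return self.probs.setdefault(src, {s: 1 / 3 for s in Strategy})

    def decide(self, src, flagged):
        """Return (strategy, route) for one flow from `src`."""
        if not flagged:
            # Legitimate traffic: the first strategy is applied every time.
            strategy = Strategy.REAL_RANDOM_ROUTE
        else:
            p = self._probs_for(src)
            strategy = self.rng.choices(list(p), weights=list(p.values()))[0]
            self._record_flag(src)
        return strategy, self.rng.choice(candidate_routes(strategy))

    def _record_flag(self, src):
        # Assumed adaptation rule: every flagged flow from a source moves
        # `step` of probability from the real route to the shadow network.
        p = self._probs_for(src)
        moved = min(self.step, p[Strategy.REAL_RANDOM_ROUTE])
        p[Strategy.REAL_RANDOM_ROUTE] -= moved
        p[Strategy.SHADOW] += moved
```

With these assumed values, a source that keeps being flagged stops reaching the real host over a purely real route after four flagged flows, while unflagged sources are unaffected.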

4. Discussion

4.1. Application to Existing Networks

In this section, we want to discuss how current state-of-the-art MTD techniques integrate with existing network models. In Section 3.4 it can be observed that almost all of the surveyed MTD articles were in either simulation or emulation phase, whereas almost none were tested on a real-scale network. Two exceptions are [93], which tested on two subnets inside a university campus network, and [95], which used a laboratory network comprised of 36 hosts split between three subnetworks to verify the architecture. Moreover, a live network implementation of [118] has been presented in [135] on a network of 30,000 IPv6 hosts. This shows a potential gap in most of the state-of-the-art MTD concepts, which were never properly validated inside a realistic environment. Together with the huge variety in used test setups, this makes it exceptionally hard to compare different techniques against one another. This might be a factor in the slow adoption of MTD techniques in large-scale enterprise networks.
Surveyed SDN-based MTD techniques were mainly based on full SDN networks. Although we were unable to find any source to show how popular this solution is inside huge enterprise networks, we believe most of them still rely on more traditional solutions. This adds another layer of complexity, uncertainty, and cost to the implementation of surveyed MTD techniques because the networks would have to be reworked severely in order to accommodate them. This might potentially outweigh the benefits of the additional security MTD would provide. One solution to this would be to implement a hybrid SDN network, in which both traditional and SDN paradigms coexist. Hybrid SDN architectures were classified in [136]. One example of such a network allows an SDN controller to interact with legacy hardware and possibly even take over its management entirely. This might serve as a first step for an organization before introducing an SDN data plane in place of existing hardware. Another possible solution is to place the SDN nodes only on the edges of the network, passing the responsibility for all outside traffic onto the SDN controller. Another notable architecture introduces SDNs by region, creating islands based on the same paradigm and connected via a gateway. Although this solution might allow one to introduce SDN-based MTD techniques into legacy networks, much work is required to assess how much of the claimed benefits those techniques would retain, as well as what would be the performance impact on those networks. More on existing approaches to hybrid SDNs can be found in [137].

4.2. Hardware-Accelerated MTD

This section discusses the potential applications of hardware acceleration to MTD techniques. We see this as a promising future direction for implementing MTD in realistic scenarios. We have identified two main ways hardware acceleration could fit in MTD.
  • Improved introduction to established networks. With the help of specialized devices, MTD could be introduced simply and without major disruption to existing networks. Such hardware should require little configuration to work properly to reduce the chance of human error during installation and provide expected security levels out of the box.
  • Enhancing MTD in networks already defended by MTD. In this scenario, the addition of hardware accelerators to offload MTD-related computations can improve both network performance and MTD defense. Such devices could take the additional operations needed to operate MTD away from existing infrastructure, thus improving throughput, latency, or other parameters of the network. Additionally, they might be added to improve defensive parameters of MTD, like more frequent parameter change, with no negative impact on network user experience.
Over the last several years, a significant development in the programmable device market has been observed [138]. This stems from the specific needs created by architects of telecommunications network infrastructure and data centers. Optimizing infrastructure for the performance of a given solution often requires the use of properly tuned algorithms, which is not possible when using components of a classical network infrastructure [139]. The development of programmable, high-performance system-on-a-chip (SoC) solutions provides technical possibilities to build highly programmable, and thus more flexible, devices. From the host OS perspective, programmable devices improve separation of infrastructure from tenant and offload infrastructure [140]. The numerous advantages of this approach have resulted in the creation of a new term in the field of technology—infrastructure processing unit (IPU)—which is a programmable network device that intelligently manages system-level infrastructure resources by securely accelerating those functions. Among the fastest growing segments of the IPU market are smart network interface cards (SmartNIC) [140] and programmable switches [141]. The authors believe that optimizing performance is not the only use case for programmable network devices. IPU hardware can also become a powerful platform for dedicated, tailor-made security solution implementation [142].
By analyzing papers surveyed in Section 3, we were able to identify a few areas that show particular promise to be accelerated by using hardware solutions.
  • Address and port mutation
  • SDN-based MTD
  • Route mutation
  • Host migration
  • Algorithms
Address and port mutation appear to be ideal candidates for hardware acceleration. The most promising examples in this category are [17,84,85,90], which implement real to virtual address and/or port translation in switches for every packet. This operation can be greatly accelerated by using programmable switches. After the controller writes mutation rules into them, these devices can perform the lookup and modify the packet in near real time, without much impact on overall latency in the network. Similarly, as most of the surveyed papers are utilizing SDN, the use of SDN-enabled hardware switches would provide much better performance than any software solutions. Such solutions merge the best of both worlds, providing high-speed, low-latency data throughput, while also separating the data plane from the control plane.
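An added example (not code from the surveyed papers) of real-to-virtual address mutation in which a controller writes rules into a lookup-and-rewrite switch, driven by both the timer-based and the event-based triggers from the taxonomy in Section 2.2.2. Class names, addresses and the 60-second interval are constructed for illustration, and `observed_live` models what an observer probing the whole pool would record so that the defender can measure how quickly that record goes stale.

```python
import ipaddress
import random


class Switch:
    """Data plane: per-packet lookup and rewrite only; mutation logic lives in the controller."""

    def __init__(self):
        self.v2r = {}  # virtual IP -> real IP (inbound destination rewrite)
        self.r2v = {}  # real IP -> virtual IP (outbound source rewrite)

    def install(self, v2r):
        # The controller pushes a complete rule set; old rules are replaced.
        # This example does not carry established flows across a mutation.
        self.v2r = dict(v2r)
        self.r2v = {real: virt for virt, real in v2r.items()}

    def inbound(self, pkt):
        real = self.v2r.get(pkt["dst"])
        if real is None:
            return None  # stale or never-assigned virtual address: drop
        return {**pkt, "dst": real}

    def outbound(self, pkt):
        # Real addresses never leave the protected network.
        return {**pkt, "src": self.r2v.get(pkt["src"], pkt["src"])}


class AddressMutator:
    """Control plane: decides what to move (virtual IPs), how (random), and when."""

    def __init__(self, real_hosts, pool_cidr, interval, switch, rng=None):
        self.real_hosts = list(real_hosts)
        self.pool = [str(ip) for ip in ipaddress.ip_network(pool_cidr).hosts()]
        if len(self.pool) < 2 * len(self.real_hosts):
            raise ValueError("pool too small to always hand out unused addresses")
        self.interval = interval
        self.switch = switch
        # OS-backed randomness by default; a seeded RNG is only for testing.
        self.rng = rng if rng is not None else random.SystemRandom()
        self.current = {}      # virtual IP -> real IP
        self.last_move = None
        self.moves = []        # (time, reason) audit trail

    def mutate(self, now, reason):
        # Never reuse an address from the mapping being retired.
        free = [ip for ip in self.pool if ip not in self.current]
        fresh = self.rng.sample(free, len(self.real_hosts))
        self.current = dict(zip(fresh, self.real_hosts))
        self.switch.install(self.current)
        self.last_move = now
        self.moves.append((now, reason))

    def tick(self, now):
        """Timer-based trigger: mutate once `interval` seconds have passed."""
        if self.last_move is None or now - self.last_move >= self.interval:
            self.mutate(now, "timer")
            return True
        return False

    def on_alert(self, now):
        """Event-based trigger, e.g. called when an IDS raises an alert."""
        self.mutate(now, "event")


def observed_live(switch, pool, probe_src="198.51.100.7"):
    """Virtual addresses that currently translate to a host."""
    return {ip for ip in pool
            if switch.inbound({"src": probe_src, "dst": ip}) is not None}


def still_valid(switch, recorded):
    """How many previously recorded addresses still reach a host."""
    return sum(1 for ip in recorded if ip in switch.v2r)
```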
A very promising improvement for higher-speed MTD schemes might be to implement the algorithms that are part of the control logic in hardware circuits. One solution might be to use application-specific integrated circuits (ASICs), which provide much faster computation times than a software implementation, but this comes at the cost of longer design times and higher implementation costs. ASICs are also much less flexible, as each change in logic requires a redesign of the circuit. A superior solution for this case might be a field-programmable gate array (FPGA), which allows for quick reprogramming in the field by using hardware design languages (HDL) to implement logic. Although FPGAs don’t offer as high performance as ASICs, they provide much greater flexibility when it comes to development. To get the most out of an implemented MTD solution, one should use both types of devices. An FPGA might be ideal for offloading proprietary MTD control logic, while off-the-shelf ASIC-based hardware accelerators can greatly enhance the performance of the more generic algorithms in use. As many of the surveyed articles use randomness to obtain a new system state, specialized hardware could benefit them by providing a hardware random number generator (HRNG), increasing the unpredictability of the data while working at a faster rate than software solutions. Adequate hardware accelerators can also be applied to increase the computational rates of cryptographic algorithms.

4.3. Security of MTD Techniques

For the next topic of the discussion, we want to take a look at the security benefits of MTD. Although many articles present impressive results in simulated scenarios, it is unclear how these solutions would behave in real-life applications. We’ve identified several areas in the field that might help researchers understand how MTD affects network security, but are currently not explored enough.
  • Lack of a clearly defined and realistic threat model: In Section 3.5, we have presented our findings on the threat models defined in the surveyed papers. We found that in many cases, they might be too simplistic, and thus not realistic enough. These models often boil down to assuming that an attacker is located outside the network and launches some specific kind of attack. A common pitfall we’ve noticed across the literature was assuming that the attacker actively engages with the network, most commonly by probing IP addresses. In real networks, this kind of behaviour would likely be quickly picked up by existing sensors, and such an incident would alert the defender’s security team.
  • Protection against insider threats: Although closely tied to the previous point, insider threats deserve a mention on their own. The Cybersecurity and Infrastructure Security Agency defines insider threats as the potential for people with elevated access and knowledge in the organization to harm it [143]. According to a report by IBM, malicious insiders were responsible for 5 to 29% of the attacks, depending on the industry [144]. Although this is a serious threat to computer systems, most MTD papers never consider their impact on the security of the scheme. It is unclear what damage can be caused by a malicious employee who leaks the real IP of a machine protected by constant address mutation, or details of the MTD algorithm.
  • Lack of realistic testing scenarios: In Section 3.4, we have presented test methods that were used throughout surveyed papers. As further stated in Section 4.1, not many of those proposals were actually tested on real hardware. Because of that, it is almost impossible to assess the impact that proposed MTD techniques might have on the availability of network resources to users. Particularly vulnerable might be protocols that require establishing a session, as they might be negatively affected if mutations occur mid-session. Another issue might be the potentially detrimental impact of MTD on overall performance of the network, which might not be noticeable in a simplified, simulation-based environment.
  • Lack of understanding of how security levels behave after MTD has been enabled for long periods of time: Figure 2 shows how attackers’ knowledge of a system, which periodically mutates in a limited reconfiguration space, slowly increases over time. From the surveyed articles, it is not possible to conclude how long these systems would actually work against a determined attacker. State actors might have the funding necessary to observe the system for months or years, slowly gathering intelligence about the network. More research is required to help understand if the proposed techniques have a large enough mutation space to effectively protect against this kind of threat over prolonged periods of time.
  • Lack of consideration of alternative attack vectors: The next security gap we have identified is the lack of flexibility of the surveyed MTD techniques. These proposals often protect against one particular type of attack, but because the aim of MTD is to overcome the attackers’ asymmetric advantage over the defender, this is just not enough. In the case of address mutation MTD schemes, if the attackers purely operate on IP addresses, these techniques might indeed protect the network. However, if the attacker uses more sophisticated attack vectors, like packet analysis, they might overcome this defense completely. We propose that more research time needs to be spent on flexible MTD schemes, which are able to protect against a wide range of threats.
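To put numbers on the limited-reconfiguration-space concern above, the following added example (not from the article or the surveyed papers) models a pool of virtual addresses from which every mutation period draws a fresh uniform subset, and computes how much of the pool has been exposed after a given number of periods, checked against a simulation. The uniform independent draw, the function names and the sample sizes are assumptions of this model.

```python
import math
import random


def expected_coverage(pool_size, hosts, periods):
    """Expected fraction of the pool that has been active at least once.

    Each period activates `hosts` distinct addresses chosen uniformly, so a
    given address stays unseen for one period with probability 1 - hosts/pool.
    """
    return 1.0 - (1.0 - hosts / pool_size) ** periods


def periods_to_cover(pool_size, hosts, fraction):
    """Smallest number of periods after which expected coverage >= fraction."""
    if not 0 <= fraction < 1 or not 0 < hosts < pool_size:
        raise ValueError("need 0 <= fraction < 1 and 0 < hosts < pool_size")
    if fraction == 0:
        return 0
    k = math.ceil(math.log(1.0 - fraction) / math.log(1.0 - hosts / pool_size))
    # Guard against floating-point rounding at the boundary.
    while k > 0 and expected_coverage(pool_size, hosts, k - 1) >= fraction:
        k -= 1
    while expected_coverage(pool_size, hosts, k) < fraction:
        k += 1
    return k


def pool_size_for(hosts, fraction, min_periods):
    """Smallest pool whose expected coverage is still below `fraction`
    after `min_periods` mutations (the defender's sizing question)."""
    if not 0 < fraction < 1 or hosts < 1 or min_periods < 1:
        raise ValueError("need 0 < fraction < 1, hosts >= 1, min_periods >= 1")
    unseen_per_period = (1.0 - fraction) ** (1.0 / min_periods)
    n = max(hosts + 1, int(hosts / (1.0 - unseen_per_period)) + 1)
    while n > hosts + 1 and expected_coverage(n - 1, hosts, min_periods) < fraction:
        n -= 1
    while expected_coverage(n, hosts, min_periods) >= fraction:
        n += 1
    return n


def simulated_coverage(pool_size, hosts, periods, trials=300, seed=0):
    """Monte Carlo check of expected_coverage using the same draw model."""
    rng = random.Random(seed)  # seeded only so the check is repeatable
    total = 0.0
    for _ in range(trials):
        seen = set()
        for _ in range(periods):
            seen.update(rng.sample(range(pool_size), hosts))
        total += len(seen) / pool_size
    return total / trials


if __name__ == "__main__":
    # Constructed scenario: 10 hosts behind a /24-sized pool, 30 s mutations.
    k = periods_to_cover(254, 10, 0.9)
    print(f"/24 pool: 90% of addresses exposed after {k} periods "
          f"({k * 30 / 60:.1f} minutes)")
    month = 30 * 24 * 3600 // 30
    print(f"pool needed to stay below 90% for 30 days: "
          f"{pool_size_for(10, 0.9, month)} addresses")
```

Under this model the pool size needed to outlast a month of observation is far larger than a typical private IPv4 range, which is the kind of check a scheme's evaluation would need to report.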

4.4. Metrics

In Section 3.6, different metrics proposed by authors throughout surveyed literature were presented. Most commonly, these could be grouped into one of two main categories: the performance-based category and the attack parameter category, which includes the chance of success, or cost, for both attackers and defenders. In general, performance-based metrics might be a great benchmark, showing how a scheme might impact network parameters. The same, however, does not apply to the second category, as they seem particularly difficult to calculate in real-life scenarios. Moreover, every proposed scheme is evaluated by using different metrics. It is therefore crucial that better benchmarks for assessing the security of MTD schemes are developed. Ideally, they should then be adopted by future authors in the field. The benefit of this can be twofold—different schemes could be easily compared against one another, and engineers could use them to pick one that best suits their needs.

4.5. Research Directions

After reviewing a large number of papers related to MTD, it is apparent that extra work is required in different areas in this field. Based on findings from surveyed literature, presented below is the list of topics that authors of this paper believe are important to be researched further.
  • Better metrics need to be developed—As shown in Section 3.6, many of the reviewed papers use some performance-based metrics which provide a solid ground on which the proposed technique can be evaluated. However, there is an apparent lack of metrics that provide good understanding of the security level those proposals provide to the network. Although many of the articles use the attack success probability metric, there is a huge variance in both the attacker and how this metric is calculated. Moreover, the proposed attacker may often not be a good representation of a threat to the network in real-world applications. As such, more work needs to be done to provide a set of common and universal metrics that can be applied to any proposed MTD techniques so that they can be easily compared against each other.
  • Application of MTD to existing networks—As discussed in Section 4.1, currently there is little work done to assess the applicability of MTD to existing networks. Of the surveyed papers, the majority were tested on a simulator or on small-scale implementations in local networks. There needs to be more research of applications of these MTD techniques in large-scale corporate networks, especially in aspects like the initial costs required in terms of both money and time spent reconfiguring the network, the decrease of general network performance, or the impact to network stability.
  • Hardware-accelerated MTD—Closely tied to the previous point, we see great potential in the use of hardware-accelerated MTD to protect the network. Although such solutions don’t necessarily increase security on their own, they provide significant performance improvement over typical computational devices, while being often more powerfully effective and requiring less management. One example of such an accelerator is SmartNIC, which is a type of a programmable device, based on an ASIC or FPGA [145]. These are already utilized in data centers for accelerating SDNs [146] or security-related tasks like DDoS protection [147,148].
  • Realistic testbeds—During our research, we identified the need for better testbeds that allow one to simulate MTD in conditions that are as close to real as is feasible. This is especially important when it comes to simulating realistic attackers to measure the effectiveness of a given MTD technique. Although there is a significant number of testbeds that allow one to simulate even large networks (especially for SDNs) and that offer a great deal of configuration possibilities, replicating realistic traffic on them is much harder. A trivial solution for this problem is to replay saved packet traffic from files, but this comes with issues of its own. Perhaps the best source of such files might be to save the packets from the network in which the MTD is going to be implemented, but this might not always be possible. Otherwise, one could use many of the traffic files shared for free on the Internet. No matter the source of the files, they often require a lot of storage space, which further needs to be multiplied by the number of hosts on the network if one wants different traffic from each of the machines. On top of that, extra work is required to replay packets from protocols that establish a session, like transmission control protocol (TCP). This shows the need to create an easy way to configure a testbed for MTD validation with the capabilities of a packet generator that is able to produce different types of traffic.
  • Economics of MTD—Another poorly researched aspect of MTD is the overall economics of this technique. More work needs to be done to understand the cost of running the MTD technique across its lifetime, in terms of initial implementation costs, the work and hardware required, and the running costs of this solution. On top of that, closely tied to the previous two research directions, more work is necessary to help define the long-term financial benefits offered by the enhanced protection of MTD compared with an unprotected network.
  • Application of MTD to kill-chain phases other than reconnaissance—Almost all of the surveyed papers were focused on disrupting an attacker’s reconnaissance actions. An interesting research direction might be to assess the viability of applying MTD to later phases of the Intrusion Kill Chain Model presented in Figure 1. A potential application of MTD might be the “Action on Objective” step, where it would aim to prevent attackers from exfiltrating the stolen data.
  • Hybrid MTD—The last research direction that we identified is MTD utilizing multiple strategies to protect against a wide range of attackers. During our survey, we identified only individual papers utilizing this technique, but we believe it has great potential against real-life threats. However, more work needs to be done to identify when and how certain strategies need to be applied to optimize the protection and minimize the impact to the network.

5. Conclusions

Moving target defense shows the potential to completely change the approach to network security. This security paradigm has inspired a large number of research publications in various stages of maturity—from theoretical proposals to implemented techniques. The first part of this paper was aimed at explaining the concepts behind the MTD paradigm. We discussed attack surface, examples of MTD taxonomy, and attack types that MTD might help defend against. We also introduced SDN and NFV as two promising network architectures that can be utilized for implementing various MTD techniques. In the second part of the article, we have surveyed existing literature to identify current trends, as well as their advantages and disadvantages in order to provide guidance for further research work in the area. We focused on what, when, and how to move, as well as the used testbeds, threat models, and proposed metrics. During our research, we have discussed several shortcomings of currently available MTD schemes and identified future research directions in the field in the last part of this survey.
In general, we believe MTD as an area lacks maturity. There are no standards and no universal metrics that can be used to compare different techniques. We believe this might discourage both engineers and company decision-makers from adopting this paradigm. If MTD is to ever become widespread, more research is required to show how to implement it in existing large-scale networks, with a special focus on performance and costs. Realistic proofs of concept are required to show that MTD schemes are viable and working as expected, if they are to work alongside or even replace current defenses in network systems.

Author Contributions

Conceptualization, Ł.J., M.Z. and M.R.; methodology, Ł.J., M.Z. and M.R.; investigation, Ł.J., M.Z., and M.R.; writing—original draft preparation, Ł.J. and M.Z.; writing—review and editing, Ł.J., M.Z., and M.R.; visualization, M.Z.; supervision, M.R.; project administration, M.R. and M.Z. All authors have read and agreed to the published version of the manuscript.

Funding

This work was supported by the Polish National Centre for Research and Development under Project CYBERSECIDENT/369234/I/NCBR/2017.

Conflicts of Interest

The authors declare no conflict of interest.

Abbreviations

The following abbreviations are used in this manuscript:
MTD: Moving Target Defense
NFV: Network Functions Virtualization
SDN: Software-Defined Networking
DOS: Denial of Service
DDoS: Distributed Denial of Service
OSINT: Open Source Intelligence
ACM: Association for Computing Machinery
IoT: Internet of Things
NAT: Network Address Translation
DNS: Domain Name System
MAC: Medium Access Control
IP: Internet Protocol
TTL: Time to Live
TCB: Trusted Computing Base
UDP: User Datagram Protocol
BGP: Border Gateway Protocol
CVSS: Common Vulnerability Scoring System
IDS: Intrusion Detection System
VM: Virtual Machine
OS: Operating System
ISP: Internet Service Provider
HMAC: Keyed-Hash Message Authentication Code
QoE: Quality of Experience
NTM: Network Topology Management
VN: Virtualized Network
NM: Network Monitoring
TMC: Topology Mutation Control
APT: Advanced Persistent Threat
TCP: Transmission Control Protocol
HRNG: Hardware Random Number Generator
ASIC: Application-Specific Integrated Circuits
FPGA: Field-Programmable Gate Arrays
HDL: Hardware Design Languages
SoC: System-on-a-Chip
NIC: Network Interface Card
IPU: Infrastructure Processing Unit

References

  1. Okhravi, H.; Streilein, W.W.; Bauer, K.S. Moving Target Techniques: Leveraging Uncertainty for Cyber Defense. Linc. Lab. J. Spec. Issue Cyber Secur. 2016, 22, 100–109.
  2. How Long Does It Take to Detect a Cyber Attack? Available online: https://www.itgovernanceusa.com/blog/how-long-does-it-take-to-detect-a-cyber-attack (accessed on 4 January 2022).
  3. 98 Must-Know Data Breach Statistics for 2021. Available online: https://www.varonis.com/blog/data-breach-statistics (accessed on 4 January 2022).
  4. Khosravi-Farmad, M.; Ahmadian Ramaki, A.; Bafghi, A. Moving Target Defense Against Advanced Persistent Threats for Cybersecurity Enhancement. In Proceedings of the 2018 8th International Conference on Computer and Knowledge Engineering (ICCKE), Mashhad, Iran, 25–26 October 2018; pp. 280–285.
  5. Zerodium. Available online: https://zerodium.com/ (accessed on 14 August 2021).
  6. Perlroth, N. The Untold History of America’s Zero-Day Market. Available online: https://www.wired.com/story/untold-history-americas-zero-day-market/ (accessed on 14 August 2021).
  7. Greenberg, A. The Untold Story of NotPetya, the Most Devastating Cyberattack in History. Available online: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/ (accessed on 14 August 2021).
  8. Hutchins, E.; Cloppert, M.; Amin, R. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. Lead. Issues Inf. Warf. Secur. Res. 2011, 1, 80.
  9. Pal, P.; Schantz, R.; Paulos, A.; Benyo, B. Managed Execution Environment as a Moving-Target Defense Infrastructure. IEEE Secur. Priv. 2014, 12, 51–59.
  10. National Cyber Leap Year Summit 2009 Co-Chairs’ Report; Networking and Information Technology Research and Development, 2009. Available online: https://www.nitrd.gov/nitrdgroups/images/b/bd/National_Cyber_Leap_Year_Summit_2009_CoChairs_Report.pdf (accessed on 1 September 2022).
  11. Jajodia, S.; Ghosh, A.; Swarup, V.; Wang, C.; Wang, X. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats; Springer: New York, NY, USA, 2011; Volume 54.
  12. Jajodia, S.; Ghosh, A.; Subrahmanian, V.; Swarup, V.; Wang, C.; Wang, X. Moving Target Defense II: Application of Game Theory and Adversarial Modeling; Springer: New York, NY, USA, 2013.
  13. Zhuang, R.; Deloach, S.; Ou, X. Towards a Theory of Moving Target Defense. Proc. ACM Conf. Comput. Commun. Secur. 2014, 2014, 31–40.
  14. Crosby, S.; Carvalho, M.; Kidwell, D. A layered approach to understanding network dependencies on moving target defense mechanisms. In Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, Oak Ridge, TN, USA, 8–10 January 2013.
  15. Carroll, T.; Crouse, M.; Fulp, E.; Berenhaut, K. Analysis of network address shuffling as a moving target defense. In Proceedings of the 2014 IEEE International Conference on Communications (ICC), Sydney, NSW, Australia, 10–14 June 2014; pp. 701–706.
  16. Zhuang, R.; Deloach, S.; Ou, X. A model for analyzing the effect of moving target defenses on enterprise networks. In Proceedings of the 9th Annual Cyber and Information Security Research Conference, Oak Ridge, TN, USA, 8–10 April 2014.
  17. Jafarian, J.; Al-Shaer, E.; Duan, Q. OpenFlow random host mutation: Transparent moving target defense using software defined networking. In Proceedings of the HotSDN’12—Proceedings of the 1st ACM International Workshop on Hot Topics in Software Defined Networks, Helsinki, Finland, 13 August 2012.
  18. Ward, B.; Gomez, S.; Skowyra, R.; Bigelow, D.; Martin, J.; Landry, J.; Okhravi, H. Survey of Cyber Moving Targets Second Edition; Technical Report; Lincoln Laboratory, Massachusetts Institute of Technology: Lexington, MA, USA, 2018.
  19. Team, P. PaX Address Space Layout Randomization (ASLR). 2003. Available online: https://pax.grsecurity.net/docs/aslr.txt (accessed on 14 August 2021).
  20. Lei, C.; Zhang, H.Q.; Jinglei, T.; Zhang, Y.C.; Liu, X.H. Moving Target Defense Techniques: A Survey. Secur. Commun. Netw. 2018, 2018, 3759626.
  21. Cho, J.H.; Sharma, D.; Alavizadeh, H.; Yoon, S.; Ben-Asher, N.; Moore, T.; Kim, D.; Lim, H.; Nelson, F. Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense. IEEE Commun. Surv. Tutor. 2020, 22, 709–745.
  22. Cai, G.L.; Wang, B.S.; Hu, W.; Wang, T.Z. Moving target defense: State of the art and characteristics. Front. Inf. Technol. Electron. Eng. 2016, 17, 1122–1153.
  23. Zheng, J.; Siami Namin, A. A Survey on the Moving Target Defense Strategies: An Architectural Perspective. J. Comput. Sci. Technol. 2019, 34, 207–233.
  24. Sengupta, S.; Chowdhary, A.; Sabur, A.; Alshamrani, A.; Huang, D.; Kambhampati, S. A Survey of Moving Target Defenses for Network Security. IEEE Commun. Surv. Tutor. 2020, 22, 1909–1941.
  25. Manadhata, P.; Wing, J. An Attack Surface Metric. Softw. Eng. IEEE Trans. 2011, 37, 371–386.
  26. Manadhata, P.; Wing, J. Measuring a System’s Attack Surface; Technical Report cmu- cs-04-102; School of Computer Science, Carnegie Mellon University: Pittsburgh, PA, USA, 2004.
  27. Howard, M.; Pincus, J.; Wing, J. Measuring Relative Attack Surfaces. In Computer Security in the 21st Century; Springer: Boston, MA, USA, 2005; pp. 109–137.
  28. Albanese, M.; Battista, E.; Jajodia, S.; Casola, V. Manipulating the attacker’s view of a system’s attack surface. In Proceedings of the 2014 IEEE Conference on Communications and Network Security, San Francisco, CA, USA, 29–31 October 2014; pp. 472–480.
  29. Albanese, M.; Battista, E.; Jajodia, S. Deceiving Attackers by Creating a Virtual Attack Surface. In Cyber Deception; Springer: Cham, Switzerland, 2016; pp. 169–201.
  30. Manadhata, P. Game Theoretic Approaches to Attack Surface Shifting. In Moving Target Defense II; Springer: New York, NY, USA, 2013; pp. 1–13.
  31. Hobson, T.; Okhravi, H.; Bigelow, D.; Rudd, R.; Streilein, W. On the Challenges of Effective Movement. Proc. ACM Conf. Comput. Commun. Secur. 2014, 2014, 41–50.
  32. Hong, J.; Kim, D.S. Assessing the Effectiveness of Moving Target Defenses Using Security Models. IEEE Trans. Dependable Secur. Comput. 2015, 13, 163–177.
  33. Okhravi, H.; Rabe, M.; Mayberry, T.; Leonard, W.; Hobson, T.; Bigelow, D.; Streilein, W. Survey of Cyber Moving Targets; Technical Report; Lincoln Laboratory, Massachusetts Institute of Technology: Lexington, MA, USA, 2013.
  34. Pastor-Galindo, J.; Nespoli, P.; Gomez Marmol, F.; Martinez Perez, G. The Not Yet Exploited Goldmine of OSINT: Opportunities, Open Challenges and Future Trends. IEEE Access 2020, 8, 10282–10304.
  35. Nmap: The Network Mapper. Available online: https://nmap.org/ (accessed on 20 March 2022).
  36. Aircrack-ng. Available online: https://www.aircrack-ng.org/ (accessed on 20 March 2022).
  37. Nessus: Vulnerability Assessment. Available online: https://www.tenable.com/products/nessus (accessed on 20 March 2022).
  38. Kang, M.; Lee, S.B.; Gligor, V. The Crossfire Attack. In Proceedings of the 2013 IEEE Symposium on Security and Privacy, Berkeley, CA, USA, 19–22 May 2013; pp. 127–141.
  39. Liaskos, C.; Ioannidis, S. Network Topology Effects on the Detectability of Crossfire Attacks. IEEE Trans. Inf. Forensics Secur. 2018, 13, 1682–1695.
  40. Cloudflare: Comprehensive DDoS Protection. Available online: https://www.cloudflare.com/ddos/ (accessed on 20 March 2022).
  41. Zero Tolerance: More Zero-Days Exploited in 2021 Than Ever Before. Available online: https://www.mandiant.com/resources/zero-days-exploited-2021 (accessed on 29 May 2022).
  42. Wang, L.; Jajodia, S.; Singhal, A.; Cheng, P.; Noel, S. k-Zero Day Safety: A Network Security Metric for Measuring the Risk of Unknown Vulnerabilities. Dependable Secur. Comput. IEEE Trans. 2014, 11, 30–44.
  43. Ross, R. Managing Information Security Risk: Organization, Mission, and Information System View. 2011. Available online: https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=908030 (accessed on 1 September 2022).
  44. Chen, P.; Desmet, L.; Huygens, C. A Study on Advanced Persistent Threats. In IFIP International Conference on Communications and Multimedia Security; Springer: Berlin/Heidelberg, Germany, 2014; pp. 63–72.
  45. Alshamrani, A.; Myneni, S.; Chowdhary, A.; Huang, D. A Survey on Advanced Persistent Threats: Techniques, Solutions, Challenges, and Research Opportunities. IEEE Commun. Surv. Tutor. 2019, 21, 1851–1877.
  46. Ussath, M.; Jaeger, D.; Cheng, F.; Meinel, C. Advanced persistent threats: Behind the scenes. In Proceedings of the 2016 Annual Conference on Information Science and Systems (CISS), Princeton, NJ, USA, 16–18 March 2016; pp. 181–186.
  47. Sood, A.; Enbody, R. Targeted Cyber Attacks—A Superset of Advanced Persistent Threats. IEEE Secur. Priv. 2013, 11, 54–61.
  48. Network Functions Virtualisation: An Introduction, Benefits, Enablers, Challenges & Call for Action. Issue 1. October 22–24, 2012 at the “SDN and OpenFlow World Congress”, Darmstadt-Germany. Available online: https://portal.etsi.org/nfv/nfv_white_paper.pdf (accessed on 1 September 2022).
  49. Han, B.; Gopalakrishnan, V.; Ji, L.; Lee, S. Network Function Virtualization: Challenges and Opportunities for Innovations. Commun. Mag. IEEE 2015, 53, 90–97.
  50. Network Functions Virtualisation ETSI Industry Specification Group ETSI GR NFV 001 V1.3.1 Network Functions Virtualisation (NFV); Use Cases. 2021. Available online: https://www.etsi.org/deliver/etsi_gr/NFV/001_099/001/01.03.01_60/gr_NFV001v010301p.pdf (accessed on 7 October 2021).
  51. Yi, B.; Wang, X.; Li, K.; Das, S.; Huang, M. A Comprehensive Survey of Network Function Virtualization. Comput. Netw. 2018, 133, 212–262.
  52. Alwakeel, A.; Alnaim, A.; Fernández, E. A Survey of Network Function Virtualization Security. In Proceedings of the SoutheastCon 2018, St. Petersburg, FL, USA, 19–22 April 2018.
  53. Kreutz, D.; Ramos, F.; Veríssimo, P.; Esteve Rothenberg, C.; Azodolmolky, S.; Uhlig, S. Software-Defined Networking: A Comprehensive Survey. Proc. IEEE 2014, 103, 14–76.
  54. McKeown, N.; Anderson, T.; Balakrishnan, H.; Parulkar, G.; Peterson, L.; Rexford, J.; Shenker, S.; Turner, J. OpenFlow: Enabling innovation in campus networks. Comput. Commun. Rev. 2008, 38, 69–74.
  55. Berde, P.; Gerola, M.; Hart, J.; Higuchi, Y.; Kobayashi, M.; Koide, T.; Lantz, B.; O’Connor, B.; Radoslavov, P.; Snow, W.; et al. ONOS: Towards an open, distributed SDN OS. In Proceedings of the HotSDN 2014—Proceedings of the ACM SIGCOMM 2014 Workshop on Hot Topics in Software Defined Networking, Chicago, IL, USA, 22 August 2014.
  56. Medved, J.; Varga, R.; Tkacik, A.; Gray, K. OpenDaylight: Towards a Model-Driven SDN Controller architecture. In Proceedings of the IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks 2014 Sydney, NSW, Australia, 19 June 2014; pp. 1–6.
  57. Tootoonchian, A.; Gorbunov, S.; Ganjali, Y.; Casado, M.; Sherwood, R. On Controller Performance in Software-defined Networks. In Proceedings of the 2nd USENIX conference on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services, San Jose, CA, USA, 24 April 2012; p. 10.
  58. Erickson, D. The Beacon OpenFlow Controller. In Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, Hong Kong, China, 16 August 2013; pp. 13–18.
  59. Ryu, a Component-Based Software Defined Networking Framework. Available online: https://ryu-sdn.org/ (accessed on 14 October 2021).
  60. Zhang, Y.; Cui, L.; Wang, W.; Zhang, Y. A Survey on Software Defined Networking with Multiple Controllers. J. Netw. Comput. Appl. 2017, 103, 101–118.
  61. Kumari, A.; Sairam, A. A Survey of Controller Placement Problem in Software Defined Networks. arXiv 2019, arXiv:1905.04649.
  62. Wang, G.; Zhao, Y.; Huang, J.; Wang, W. The Controller Placement Problem in Software Defined Networking: A Survey. IEEE Netw. 2017, 31, 21–27.
  63. Yinbo, Y.; Li, X.; Leng, X.; Song, L.; Bu, K.; Chen, Y.; Yang, J.; Zhang, L.; Cheng, K.; Xiao, X. Fault Management in Software-Defined Networking: A Survey. IEEE Commun. Surv. Tutor. 2018, 21, 349–392.
  64. Farhady, H.; Lee, H.; Nakao, A. Software-Defined Networking: A survey. Comput. Netw. 2015, 81, 79–95.
  65. Benzekki, K.; El Fergougui, A.; El Belrhiti El Alaoui, A. Software-defined networking (SDN): A survey. Secur. Commun. Netw. 2017, 9, 5803–5833.
  66. Nisar, K.; Welch, I.; Hassan, R.; Sodhro, A.; Pirbhulal, S. A Survey on the Architecture, Application, and Security of Software Defined Networking. Internet Things 2020, 12, 100289.
  67. Sahay, R.; Meng, W.; Jensen, C.D. The application of Software Defined Networking on securing computer networks: A survey. J. Netw. Comput. Appl. 2019, 131, 89–108.
  68. Pfaff, B.; Pettit, J.; Koponen, T.; Jackson, E.; Zhou, A.; Rajahalme, J.; Gross, J.; Wang, A.; Stringer, J.; Shelar, P.; et al. The Design and Implementation of Open vSwitch. In Proceedings of the 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI 15), Oakland, CA, USA, 4–6 May 2015; USENIX Association: Oakland, CA, USA, 2015; pp. 117–130.
  69. Duan, Q.; Ansari, N.; Toy, M. Software-defined network virtualization: An architectural framework for integrating SDN and NFV for service provisioning in future networks. IEEE Netw. 2016, 30, 10–16.
  70. Li, Y.; Chen, M. Software-Defined Network Function Virtualization: A Survey. IEEE Access 2015, 3, 2542–2553.
  71. Saputro, N.; Aydeger, A.; Akkaya, K. A Moving Target Defense and Network Forensics Framework for ISP Networks using SDN and NFV. Future Gener. Comput. Syst. 2019, 94, 496–509.
  72. Xu, X.; Hu, H.; Liu, Y.; Zhang, H.; Chang, D. An Adaptive IP Hopping Approach for Moving Target Defense Using a Light-Weight CNN Detector. Secur. Commun. Netw. 2021, 2021, 8848473.
  73. Hyder, M.F.; Fatima, T. Towards Crossfire Distributed Denial of Service Attack Protection Using Intent-Based Moving Target Defense Over Software-Defined Networking. IEEE Access 2021, 9, 112792–112804.
  74. Wang, L. Shoal: A Network Level Moving Target Defense Engine with Software Defined Networking. ICST Trans. Secur. Saf. 2021, 7, 170011.
  75. Bandi, N.; Tajbakhsh, H.; Analoui, M. FastMove: Fast IP switching Moving Target Defense to mitigate DDOS Attacks. In Proceedings of the 2021 IEEE Conference on Dependable and Secure Computing (DSC), Aizuwakamatsu, Japan, 30 January–2 February 2021; pp. 1–7.
  76. Chowdhary, A.; Huang, D.; Sabur, A.; Vadnere, N.; Kang, M.; Montrose, B. SDN-based Moving Target Defense using Multi-agent Reinforcement Learning. In Proceedings of the first International Conference on Autonomous Intelligent Cyber defense Agents (AICA 2021), Paris, France, 15–16 March 2021.
  77. Debroy, S.; Calyam, P.; Nguyen, M.; Neupane, R.; Mukherjee, B.; Eeralla, A.K.; Salah, K. Frequency-Minimal Utility-Maximal Moving Target Defense against DDoS in SDN-based Systems. IEEE Trans. Netw. Serv. Manag. 2020, 17, 890–903.
  78. Chai, X.; Wang, Y.; Yan, C.; Zhao, Y.; Chen, W.; Wang, X. DQ-MOTAG: Deep Reinforcement Learning-based Moving Target Defense Against DDoS Attacks. In Proceedings of the 2020 IEEE Fifth International Conference on Data Science in Cyberspace (DSC), Hong Kong, China, 27–30 July 2020; pp. 375–379.
  79. Gudla, C.; Sung, A. Moving Target Defense Discrete Host Address Mutation and Analysis in SDN. In Proceedings of the 2020 International Conference on Computational Science and Computational Intelligence (CSCI), Las Vegas, NV, USA, 16–18 December 2020; pp. 55–61.
  80. Sengupta, S.; Chowdhary, A.; Huang, D.; Kambhampati, S. General Sum Markov Games for Strategic Detection of Advanced Persistent Threats Using Moving Target Defense in Cloud Networks. In Proceedings of the International Conference on Decision and Game Theory for Security, Stockholm, Sweden, 30 October–1 November 2019; pp. 492–512.
  81. Zhang, H.; Zheng, K.; Wang, X.; Luo, S.; Wu, B. Efficient Strategy Selection for Moving Target Defense Under Multiple Attacks. IEEE Access 2019, 7, 65982–65995.
  82. Rawski, M. Network Topology Mutation as Moving Target Defense for Corporate Networks. Int. J. Electron. Telecommun. 2019, 65, 571–577.
  83. Zhou, Z.; Xu, C.; Kuang, X.; Zhang, T.; Sun, L. An Efficient and Agile Spatio-Temporal Route Mutation Moving Target Defense Mechanism. In Proceedings of the ICC 2019—2019 IEEE International Conference on Communications (ICC), Shanghai, China, 20–24 May 2019; pp. 1–6.
  84. Macwan, S.; Lung, C.H. Investigation of Moving Target Defense Technique to Prevent Poisoning Attacks in SDN. In Proceedings of the 2019 IEEE World Congress on Services (SERVICES), Milan, Italy, 8–13 July 2019; pp. 178–183.
  85. Sharma, D.; Kim, D.; Yoon, S.; Lim, H.; Cho, J.H.; Moore, T. FRVM: Flexible Random Virtual IP Multiplexing in Software-Defined Networks. In Proceedings of the 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), New York, NY, USA, 1–3 August 2018; pp. 579–587.
  86. Steinberger, J.; Kuhnert, B.; Dietz, C.; Ball, L.; Sperotto, A.; Baier, H.; Pras, A.; Dreo, G. DDoS defense using MTD and SDN. In Proceedings of the NOMS 2018—2018 IEEE/IFIP Network Operations and Management Symposium, Taipei, Taiwan, 23–27 April 2018; pp. 1–9. [Google Scholar] [CrossRef]
  87. Chowdhary, A.; Sengupta, S.; Alshamrani, A.; Huang, D.; Sabur, A. Adaptive MTD Security using Markov Game Modeling. In Proceedings of the 2019 International Conference on Computing, Networking and Communications (ICNC), Honolulu, HI, USA, 18–21 February 2019. [Google Scholar] [CrossRef]
  88. Chowdhary, A.; Alshamrani, A.; Huang, D.; Liang, H. MTD Analysis and evaluation framework in Software Defined Network (MASON). In Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, Tempe, AZ, USA, 21 March 2018; pp. 43–48. [Google Scholar] [CrossRef]
  89. Sengupta, S.; Chowdhary, A.; Huang, D.; Kambhampati, S. Moving Target Defense for the Placement of Intrusion Detection Systems in the Cloud. In Proceedings of the 9th International Conference, GameSec 2018, Seattle, WA, USA, 29–31 October 2018. [Google Scholar]
  90. Chang, S.Y.; Park, Y.; Babu, B. Fast IP Hopping Randomization to Secure Hop-by-Hop Access in SDN. IEEE Trans. Netw. Serv. Manag. 2018, 16, 308–320. [Google Scholar] [CrossRef]
  91. Hong, J.; Yoon, S.; Lim, H.; Kim, D.S. Optimal Network Reconfiguration for Software Defined Networks Using Shuffle-Based Online MTD. In Proceedings of the 2017 IEEE 36th Symposium on Reliable Distributed Systems (SRDS), Hong Kong, China, 26–29 September 2017; pp. 234–243. [Google Scholar] [CrossRef]
  92. Wang, J.; Xiao, F.; Huang, J.; Zha, D.; Hu, H.; Zhan, H. CHAOS: An SDN-based Moving Target Defense System. Secur. Commun. Netw. 2017, 2017, 3659167. [Google Scholar] [CrossRef]
  93. Luo, Y.b.; Wang, B.s.; Wang, X.F.; Zhang, B.f. A keyed-hashing based self-synchronization mechanism for port address hopping communication. Front. Inf. Technol. Electron. Eng. 2017, 18, 719–728. [Google Scholar] [CrossRef]
  94. Zhao, Z.; Liu, F.; Gong, D. An SDN-Based Fingerprint Hopping Method to Prevent Fingerprinting Attacks. Secur. Commun. Netw. 2017, 2017, 1560594. [Google Scholar] [CrossRef]
  95. Wang, K.; Chen, X.; Zhu, Y. Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks. PLoS ONE 2017, 12, e0177111. [Google Scholar] [CrossRef]
  96. Chowdhary, A.; Pisharody, S.; Alshamrani, A.; Huang, D. Dynamic Game based Security framework in SDN-enabled Cloud Networking Environments. In Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, Scottsdale, AZ, USA, 24 March 2017; pp. 53–58. [Google Scholar] [CrossRef]
  97. Wang, L.; Wu, D. Moving Target Defense Against Network Reconnaissance with Software Defined Networking. In Proceedings of the 19th International Conference, ISC 2016, Honolulu, HI, USA, 3–6 September 2016; Volume 9866, pp. 203–217. [Google Scholar] [CrossRef]
  98. Sun, J.; Sun, K. DESIR: Decoy-enhanced seamless IP randomization. In Proceedings of the IEEE INFOCOM 2016—The 35th Annual IEEE International Conference on Computer Communications, San Francisco, CA, USA, 10–14 April 2016; pp. 1–9. [Google Scholar] [CrossRef]
  99. Zhang, L.; Wei, Q.; Gu, K.; Yuwen, H. Path hopping based SDN network defense technology. In Proceedings of the 2016 12th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD), Changsha, China, 13–15 August 2016; pp. 2058–2063. [Google Scholar] [CrossRef]
  100. Zhao, Z.; Gong, D.; Lu, B.; Liu, F.; Zhang, C. SDN-Based Double Hopping Communication against Sniffer Attack. Math. Probl. Eng. 2016, 2016, 8927169. [Google Scholar] [CrossRef]
  101. Achleitner, S.; Porta, T.; McDaniel, P.; Sugrim, S.; Krishnamurthy, S.; Chadha, R. Cyber Deception: Virtual Networks to Defend Insider Reconnaissance. In Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats, Vienna, Austria, 28 October 2016; pp. 57–68. [Google Scholar] [CrossRef]
  102. Debroy, S.; Calyam, P.; Nguyen, M.; Stage, A.; Georgiev, V. Frequency-Minimal Moving Target Defense using Software-Defined Networking. In Proceedings of the 2016 International Conference on Computing, Networking and Communications (ICNC), Kauai, HI, USA, 15–18 February 2016. [Google Scholar] [CrossRef]
  103. Venkatesan, S.; Albanese, M.; Amin, K.; Jajodia, S.; Wright, M. A moving target defense approach to mitigate DDoS attacks against proxy-based architectures. In Proceedings of the 2016 IEEE Conference on Communications and Network Security (CNS), Philadelphia, PA, USA, 17–19 October 2016; pp. 198–206. [Google Scholar] [CrossRef]
  104. Aydeger, A.; Saputro, N.; Akkaya, K.; Rahman, M. Mitigating Crossfire Attacks Using SDN-based Moving Target Defense. In Proceedings of the 2016 IEEE 41st Conference on Local Computer Networks (LCN), Dubai, United Arab Emirates, 7–10 November 2016. [Google Scholar] [CrossRef]
  105. Maleki, H.; Valizadeh, S.; Koch, W.; Bestavros, A.; van Dijk, M. Markov Modeling of Moving Target Defense Games. In Proceedings of the 2016 ACM Workshop on Moving Target Defense, Vienna, Austria, 24 October 2016; pp. 81–92. [Google Scholar] [CrossRef]
  106. Ahmed, N.; Bhargava, B. Mayflies: A Moving Target Defense Framework for Distributed Systems. In Proceedings of the 2016 ACM Workshop on Moving Target Defense, Vienna, Austria, 24 October 2016; pp. 59–64. [Google Scholar] [CrossRef]
  107. Venkatesan, S.; Albanese, M.; Cybenko, G.; Jajodia, S. A Moving Target Defense Approach to Disrupting Stealthy Botnets. In Proceedings of the 2016 ACM Workshop on Moving Target Defense, Vienna, Austria, 24 October 2016; pp. 37–46. [Google Scholar] [CrossRef]
  108. MacFarland, D.; Shue, C. The SDN Shuffle: Creating a Moving-Target Defense using Host-based Software-Defined Networking. In Proceedings of the Second ACM Workshop on Moving Target Defense, Denver, CO, USA, 12 October 2015; pp. 37–41. [Google Scholar] [CrossRef]
  109. Jafarian, J.; Al-Shaer, E.; Duan, Q. An Effective Address Mutation Approach for Disrupting Reconnaissance Attacks. Inf. Forensics Secur. IEEE Trans. 2015, 10, 2562–2577. [Google Scholar] [CrossRef]
  110. Luo, Y.B.; Wang, B.S.; Wang, X.F.; Hu, X.F.; Cai, G.L.; Sun, H. RPAH: Random Port and Address Hopping for Thwarting Internal and External Adversaries. In Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA, Helsinki, Finland, 20–22 August 2015; pp. 263–270. [Google Scholar] [CrossRef]
  111. Clark, A.; Sun, K.; Bushnell, L.; Poovendran, R. A Game-Theoretic Approach to IP Address Randomization in Decoy-Based Cyber Defense. In Proceedings of the 6th International Conference, GameSec 2015, London, UK, 4–5 November 2015; pp. 3–21. [Google Scholar] [CrossRef]
  112. Jafarian, J.; Al-Shaer, E.; Duan, Q. Spatio-temporal Address Mutation for Proactive Cyber Agility against Sophisticated Attackers. In Proceedings of the First ACM Workshop on Moving Target Defense, Scottsdale, AZ, USA, 7 November 2014; Volume 2014, pp. 69–78. [Google Scholar] [CrossRef]
  113. Jia, Q.; Wang, H.; Fleck, D.; Li, F.; Stavrou, A.; Powell, W. Catch me if you can: A cloud-enabled DDoS defense. In Proceedings of the 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Atlanta, GA, USA, 23–26 June 2014; pp. 264–275. [Google Scholar] [CrossRef]
  114. Peng, W.; Li, F.; Huang, C.T.; Zou, X. A moving-target defense strategy for Cloud-based services with heterogeneous and dynamic attack surfaces. In Proceedings of the 2014 IEEE International Conference on Communications (ICC), Sydney, NSW, Australia, 10–14 June 2014; pp. 804–809. [Google Scholar] [CrossRef]
  115. Jia, Q.; Sun, K.; Stavrou, A. MOTAG: Moving Target Defense against Internet Denial of Service Attacks. In Proceedings of the 2013 22nd International Conference on Computer Communication and Networks (ICCCN), Nassau, Bahamas, 30 July–2 August 2013; pp. 1–9. [Google Scholar] [CrossRef]
  116. Clark, A.; Sun, K.; Poovendran, R. Effectiveness of IP address randomization in decoy-based moving target defense. In Proceedings of the 52nd IEEE Conference on Decision and Control, Firenze, Italy, 10–13 December 2013; pp. 678–685. [Google Scholar] [CrossRef]
  117. Huang, Y.; Ghosh, A. Introducing Diversity and Uncertainty to Create Moving Attack Surfaces for Web Services. In Moving Target Defense; Springer: New York, NY, USA, 2011; pp. 131–151. [Google Scholar] [CrossRef]
  118. Dunlop, M.; Groat, S.; Urbanski, W.; Marchany, R.; Tront, J. MT6D: A moving target IPv6 defense. In Proceedings of the MILCOM 2011 Military Communications Conference, Baltimore, MD, USA, 7–10 November 2011; pp. 1321–1326. [Google Scholar] [CrossRef]
  119. Azab, M.; Hassan, R.; Eltoweissy, M. ChameleonSoft: A Moving Target Defense System. In Proceedings of the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), Orlando, FL, USA, 15–18 October 2011; pp. 241–250. [Google Scholar] [CrossRef]
  120. Narantuya, J.; Yoon, S.; Lim, H.; Cho, J.H.; Kim, D.; Moore, T.; Nelson, F. SDN-Based IP Shuffling Moving Target Defense with Multiple SDN Controllers. In Proceedings of the 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks—Supplemental Volume (DSN-S), Portland, OR, USA, 24–27 June 2019; pp. 15–16. [Google Scholar] [CrossRef]
  121. MATLAB. 9.11 (R2021b); The MathWorks Inc.: Natick, MA, USA, 2021. [Google Scholar]
  122. Van Rossum, G.; Drake, F.L. Python 3 Reference Manual; CreateSpace: Scotts Valley, CA, USA, 2009. [Google Scholar]
  123. Spring, N.; Mahajan, R.; Wetherall, D.; Anderson, T. Measuring ISP Topologies with Rocketfuel. Netw. IEEE/ACM Trans. 2004, 12, 2–16. [Google Scholar] [CrossRef]
  124. Mininet: An Instant Virtual Network on Your Laptop (or other PC). Available online: http://mininet.org/ (accessed on 14 October 2021).
  125. POX, a Networking Software Platform Written in Python. Available online: https://github.com/noxrepo/pox (accessed on 14 October 2021).
  126. Gude, N.; Koponen, T.; Pettit, J.; Pfaff, B.; Casado, M.; McKeown, N.; Shenker, S. NOX: Towards an operating system for networks. Comput. Commun. Rev. 2008, 38, 105–110. [Google Scholar] [CrossRef]
  127. Floodlight, a Community-Developed, Open Source, Java OpenFlow Controller. Available online: https://floodlight.atlassian.net/wiki/spaces/floodlightcontroller/overview (accessed on 14 October 2021).
  128. Jikecloud Cloud Services. Available online: https://www.jikecloud.net/ (accessed on 14 October 2021).
  129. Chun, B.; Culler, D.; Roscoe, T.; Bavier, A.; Peterson, L.; Wawrzoniak, M.; Bowman, M. Planetlab: An overlay testbed for broad-coverage services. ACM SIGCOMM Comput Commun Rev. Comput. Commun. Rev. 2003, 33, 3–12. [Google Scholar] [CrossRef]
  130. Berman, M.; Chase, J.; Landweber, L.; Nakao, A.; Ott, M.; Raychaudhuri, D.; Ricci, R.; Seskar, I. GENI: A Federated Testbed for Innovative Network Experiments. Comput. Netw. 2014, 61, 5–23. [Google Scholar] [CrossRef]
  131. Chowdhary, A.; Dixit, V.H.; Tiwari, N.; Kyung, S.; Huang, D.; Ahn, G.J. Science DMZ: SDN based secured cloud testbed. In Proceedings of the 2017 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Berlin, Germany, 6–8 November 2017; pp. 1–2. [Google Scholar] [CrossRef]
  132. Ricci, R.; Eide, E.; Team, C. Introducing CloudLab: Scientific Infrastructure for Advancing Cloud Architectures and Applications. Login Usenix Mag. 2014, 39, 36–38. [Google Scholar]
  133. NS3, a Discrete-Event Network Simulator for Internet Systems. Available online: https://www.nsnam.org/ (accessed on 14 October 2021).
  134. Green, M.; MacFarland, D.; Smestad, D.; Shue, C. Characterizing Network-Based Moving Target Defenses. In Proceedings of the Second ACM Workshop on Moving Target Defense, Denver, CO, USA, 12 October 2015; pp. 31–35. [Google Scholar] [CrossRef]
  135. Dunlop, M.; Groat, S.; Marchany, R.C.; Tront, J.G. Implementing an IPv6 Moving Target Defense on a Live Network. 2012. Available online: https://vtechworks.lib.vt.edu/bitstream/handle/10919/84190/DunlopIPV62012.pdf (accessed on 1 September 2022).
  136. Rathee, S.; Sinha, Y.; Haribabu, K. A survey: Hybrid SDN. J. Netw. Comput. Appl. 2017, 100, 35–55. [Google Scholar] [CrossRef]
  137. Amin, R.; Reisslein, M.; Shah, N. Hybrid SDN Networks: A Survey of Existing Approaches. IEEE Commun. Surv. Tutor. 2018, 20, 3259–3306. [Google Scholar] [CrossRef]
  138. Krishnan, V.; Serres, O.; Blocksome, M. COnfigurable Network Protocol Accelerator (COPA): An Integrated Networking/Accelerator Hardware/Software Framework. In Proceedings of the 2020 IEEE Symposium on High-Performance Interconnects (HOTI), Piscataway, NJ, USA, 19–21 August 2020; pp. 17–24. [Google Scholar] [CrossRef]
  139. Tajbakhsh, H.; Parizotto, R.; Neves, M.; Schaeffer-Filho, A.; Haque, I. Accelerator-Aware In-Network Load Balancing for Improved Application Performance. In Proceedings of the 2022 IFIP Networking Conference (IFIP Networking), Catania, Italy, 13–16 June 2022; pp. 1–9. [Google Scholar] [CrossRef]
  140. Burres, B.; Daly, D.; Debbage, M.; Louzoun, E.; Severns-Williams, C.; Sundar, N.; Turbovich, N.; Wolford, B.; Li, Y. Intel’s Hyperscale-Ready Infrastructure Processing Unit (IPU). In Proceedings of the 2021 IEEE Hot Chips 33 Symposium (HCS), Palo Alto, CA, USA, 22–24 August 2021; pp. 1–16. [Google Scholar] [CrossRef]
  141. Intel, Explore the Power of Intel® Programmable Ethernet Switch Products, Intel. Available online: https://www.intel.com/content/www/us/en/products/network-io/programmable-ethernet-switch.html (accessed on 31 July 2022).
  142. Rossi Mafioletti, D.; Mello, R.; Ruffini, M.; Frascolla, V.; Martinello, M.; Ribeiro, M. Programmable Data Planes as the Next Frontier for Networked Robotics Security: A ROS Use Case. In Proceedings of the 2021 17th International Conference on Network and Service Management (CNSM), Izmir, Turkey, 25–29 October 2021; pp. 160–165. [Google Scholar] [CrossRef]
  143. Defining Insider Threats. Available online: https://www.cisa.gov/defining-insider-threats (accessed on 23 July 2022).
  144. IBM Security X-Force Threat Intelligence Index 2022. Available online: https://www.ibm.com/downloads/cas/ADLMYLAZ (accessed on 23 July 2022).
  145. Data Centre Networking: SmartNICs. Available online: https://ubuntu.com/blog/data-centre-networking-smartnics (accessed on 2 July 2022).
  146. Azure Accelerated Networking: SmartNICs in the Public Cloud. Available online: https://www.usenix.org/sites/default/files/conference/protected-files/nsdi18_slides_firestone.pdf (accessed on 2 July 2022).
  147. Miano, S.; Doriguzzi Corin, R.; Risso, F.; Siracusa, D.; Sommese, R. Introducing SmartNICs in Server-based Data Plane Processing: The DDoS Mitigation Use Case. IEEE Access 2019, 7, 107161–107170. [Google Scholar] [CrossRef]
  148. Dimolianis, M.; Pavlidis, A.; Maglaris, V. A Multi-Feature DDoS Detection Schema on P4 Network Hardware. In Proceedings of the 2020 23rd Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN), Paris, France, 24–27 February 2020; pp. 1–6. [Google Scholar] [CrossRef]
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
