A Cost-effective Shuffling Method against DDoS Attacks using Moving Target Defense

Moving Target Defense (MTD) has emerged as a newcomer into the asymmetric field of attack and defense, and shuffling-based MTD has been regarded as one of the most effective ways to mitigate DDoS attacks. However, previous work does not acknowledge that frequent shuffles would significantly intensify the overhead. MTD requires a quantitative measure to compare the cost and effectiveness of available adaptations and explore the best trade-off between them. In this paper, therefore, we propose a new cost-effective shuffling method against DDoS attacks using MTD. By exploiting Multi-Objective Markov Decision Processes to model the interaction between the attacker and the defender, and designing a cost-effective shuffling algorithm, we study the best trade-off between the effectiveness and cost of shuffling in a given shuffling scenario. Finally, simulation and experimentation on an experimental software defined network (SDN) indicate that our approach imposes an acceptable shuffling overload and is effective in mitigating DDoS attacks

Moving Cooler: An Analysis of Transportation Strategies for Reducing Greenhouse Gas Emissions

Summarizes estimates of the costs and impact on greenhouse gas emissions of transportation strategies that raise fuel efficiency, lower fuel carbon content, reduce vehicle travel, and improve the transportation network and of combinations of strategies

Integrating fluctuations into distribution of resources in transportation networks

We propose a resource distribution strategy to reduce the average travel time in a transportation network given a fixed generation rate. Suppose that there are essential resources to avoid congestion in the network as well as some extra resources. The strategy distributes the essential resources by the average loads on the vertices and integrates the fluctuations of the instantaneous loads into the distribution of the extra resources. The fluctuations are calculated with the assumption of unlimited resources, where the calculation is incorporated into the calculation of the average loads without adding to the time complexity. Simulation results show that the fluctuation-integrated strategy provides shorter average travel time than a previous distribution strategy while keeping similar robustness. The strategy is especially beneficial when the extra resources are scarce and the network is heterogeneous and lowly loaded.Comment: 14 pages, 4 figure

Tailored Source Code Transformations to Synthesize Computationally Diverse Program Variants

The predictability of program execution provides attackers a rich source of knowledge who can exploit it to spy or remotely control the program. Moving target defense addresses this issue by constantly switching between many diverse variants of a program, which reduces the certainty that an attacker can have about the program execution. The effectiveness of this approach relies on the availability of a large number of software variants that exhibit different executions. However, current approaches rely on the natural diversity provided by off-the-shelf components, which is very limited. In this paper, we explore the automatic synthesis of large sets of program variants, called sosies. Sosies provide the same expected functionality as the original program, while exhibiting different executions. They are said to be computationally diverse. This work addresses two objectives: comparing different transformations for increasing the likelihood of sosie synthesis (densifying the search space for sosies); demonstrating computation diversity in synthesized sosies. We synthesized 30184 sosies in total, for 9 large, real-world, open source applications. For all these programs we identified one type of program analysis that systematically increases the density of sosies; we measured computation diversity for sosies of 3 programs and found diversity in method calls or data in more than 40% of sosies. This is a step towards controlled massive unpredictability of software