Abstract

Moving-target defense has been hypothesized as a potential game changer in cyber defense, including that for computer networks. However there has been little work to study how much proactively changing a network’s configuration can increase the difficulty for attackers and thus improve the resilience of the system under attack. In this paper we present a basic design schema of a movingtarget network defense system. Based on this design schema, we conducted a simulation-based study to investigate the degree to which proactively changing a network’s various parameters can decrease an adversary’s chance for success. We believe this is an important first step towards understanding why and how the concept of a moving target can be successfully applied to computer network defenses.