“Moving-target” defense against distributed denial-of-service attacks

Published 25 March 2016

Researchers propose a “moving-target” defense against distributed denial-of-service attacks. The defense works by repeatedly shuffling client-to-server assignments to identify and eventually quarantine malicious clients.

A team of George Mason researchers proposes a “moving-target” defense against distributed denial-of-service attacks. The defense works by repeatedly shuffling client-to-server assignments to identify and eventually quarantine malicious clients.

Denial-of-service attacks, which work by overwhelming a target system, thereby forcing it to shut down and deny service to legitimate users, are increasing in severity as assault methods become more sophisticated and attackers’ goals more sinister. These types of attacks hit a record high in 2015, increasing by as much as 132 percent over the previous year, according to Digital Trends.

“Our research is vital as a real-world solution to these attacks, which are one of the most critical cybersecurity threats today, crippling online businesses with downed websites, financial losses and damaged client relationships,” says Angelos Stavrou, who helped conduct the research and teaches in Mason’s MS in Management of Secure Information Systems program.

The research on this innovative cybersecurity defense is starting to get industry recognition, having just been published in the March 2016 issue of IEEE Computer magazine.

GMU describes a simple example of the shuffling or “moving target” defense. The protected system has two servers for normal operation, and each is under attack by a malicious client blended with legitimate clients (C1-C4). The “moving target” defense introduces two additional servers and repeatedly shuffles clients until only one server is being attacked.

Eventually, in a process that involves multiple servers and multiple rounds of shuffling, it is possible to identify and segregate the attackers. The system, even when under attack, will be available to most legitimate clients — preserving the organization’s reputation, productivity and revenue.
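The shuffling idea described above can be tried out in a small simulation. This is an added example, not code from the researchers, and it uses a plain random shuffle rather than whatever assignment strategy the paper itself uses. It assumes that the defender can reliably tell which replica servers are under attack, that attackers attack in every round, and that there are fewer attackers than replicas; the names `shuffle_round`, `run_defense`, `CLIENTS` and `ATTACKERS` are hypothetical.

```python
import random

def shuffle_round(suspects, attackers, n_servers, rng):
    """One shuffle: spread suspects over replicas, observe which replicas are hit."""
    pool = list(suspects)
    rng.shuffle(pool)
    replicas = [pool[i::n_servers] for i in range(n_servers)]
    cleared, still_suspect = [], []
    for group in replicas:
        # The defender's only signal is per replica: attacked or not.
        # `attackers` stands in for that observation (assumed reliable).
        attacked = any(c in attackers for c in group)
        (still_suspect if attacked else cleared).extend(group)
    return cleared, still_suspect

def run_defense(clients, attackers, n_servers=4, max_rounds=50, seed=0):
    """Shuffle until every remaining suspect has sat alone on its own replica."""
    rng = random.Random(seed)
    suspects, saved = list(clients), []
    for rnd in range(1, max_rounds + 1):
        # With no more suspects than replicas, each client gets its own
        # replica this round, so the attack signal identifies it exactly.
        isolated = len(suspects) <= n_servers
        cleared, suspects = shuffle_round(suspects, attackers, n_servers, rng)
        saved.extend(cleared)
        if isolated:
            return saved, suspects, rnd  # suspects is now the quarantine list
    return saved, suspects, max_rounds  # not converged: suspects still mixed

# Constructed scenario: 18 legitimate clients and 2 persistent attackers.
CLIENTS = [f"C{i}" for i in range(1, 19)] + ["M1", "M2"]
ATTACKERS = {"M1", "M2"}

if __name__ == "__main__":
    saved, quarantined, rounds = run_defense(CLIENTS, ATTACKERS)
    print(f"rounds={rounds} saved={len(saved)} quarantined={sorted(quarantined)}")
```

Clients placed on a replica that stays quiet are cleared in that round and keep service, which is why most legitimate clients remain served while the suspect pool shrinks.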

— Read more in A. Stavrou et al., “On the Move: Evading Distributed Denial-of-Service Attacks,” IEEE Explore 49, no. 3 (14 March 2016) (DOI: 10.1109/MC.2016.85)