Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Moving target defense vs. moving target attacks: The two faces of deception

Mordechai Guri, Chief Science Officer | Jan. 5, 2016
The unceasing arms-race between cyber attackers and cyber defenders has gained unprecedented levels of sophistication and complication.

Other techniques involve changing the application type and versioning and rotating them between different hosts, or using different settings and programming languages to compile the source-code, generating different code in every compilation. Table 2 lists the common techniques used in the different categories of MTD.

Deception techniques used by the defenders

Information system part

Deception method


Route change; random addresses, names and ports


Policy change


Change host address, replace host image.


Change version and release; change host ID; Change memory addresses, structures, resource names

The “Moving Target Defense” paradigm promises to break the (a)symmetry between the attacker and the defender. Now the attacker must also operate under uncertainty and unpredictability, where previously these were the concerns of the defender alone.

While network-level MTD is an interesting concept, randomizing IP addresses, network topology and configuration is not sufficient. The final destinations for attackers are the hosts, servers and end-points located behind the networks, firewalls and routers. The Operating System and applications are the lucrative target for zero-day exploits, malware and Advanced Persistent Threats (APT), and hence they serve as the main playground in the attacker-defender game.

Admittedly, the MTD paradigm is still in its infancy, yet it is safe to predict that it's best focused on applications and operating systems.

Some new technologies are taking the MTD paradigm to the next level, by creating environmental modifications of the application and the operating system, in a manner unknown to the attacker. Consequently, the elementary presuppositions used by the attacker in planning and deploying the offensive steps are made irrelevant. Each function call, jump to address or resource access entails potential failure, along with full exposition of the attack. Under these conditions, the costs of the attack rise steeply, while its probability of success sharply declines, making the attack practically and economically less feasible.

Over the near future we are going to witness an adoption of MTD in the seemingly endless cyberwarfare between defenders and offenders. Does it bring this war to its unexpected end? It is still too early to tell, but MTD stands out as a new factor that forces new rules in this old adversarial game.

Mordechai Guri is the Chief Science Officer of Morphisec, an innovator in moving target defense. He is also a security researcher, project manager and lecturer at the Ben Gurion University of the Negev, in the cybersecurity labs division.


Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.