Research Spending & Results

Award Detail

Doing Business As Name: University of North Carolina at Charlotte
  • Ehab S Al-Shaer
  • (630) 890-0225
Award Date: 09/12/2013
Estimated Total Award Amount: $149,999
Funds Obligated to Date: $149,999
  • FY 2013 = $149,999
Start Date: 10/01/2013
End Date: 09/30/2016
Transaction Type: Grant
Awarding Agency Code: 4900
Funding Agency Code: 4900
CFDA Number: 47.070
Primary Program Source: 040100 NSF RESEARCH & RELATED ACTIVIT
Award Title or Description: EAGER: Toward Automated Integration of Moving Target Defense Techniques
Federal Award ID Number: 1352238
DUNS ID: 066300096
Parent DUNS ID: 142363428
Program: Secure & Trustworthy Cyberspace
Program Officer:
  • Ralph Wachter
  • (703) 292-8950

Awardee Location

Street: 9201 University City Boulevard
Awardee Cong. District: 12

Primary Place of Performance

Organization Name: University of North Carolina Charlotte
Street: 9201 University City Boulevard
Cong. District: 12

Abstract at Time of Award

Moving Target Defense (MTD) is a new cybersecurity paradigm for deterring and disturbing attacks proactively in order to counter the "asymmetry" phenomenon in cyber warfare. A number of moving target techniques have recently been proposed to invert this asymmetry by randomizing systems' attributes (e.g., configuration) and exhibiting non-determinism to attackers. However, due to potential inter-dependency between various MTD mechanisms, an ad hoc combination of MTD techniques can have a profoundly detrimental effect on the security, performance and operational integrity of the system. This project is investigating novel and transformative approaches to formulate a prescriptive framework to instantiate new MTD strategies that are correct-by-construction, from an arbitrary list of MTD mechanisms. The proposed framework enables integrating MTD mechanisms vertically or horizontally, while balancing the benefit and cost of the synthesized integrated MTD strategy. As a case study, two main classes of MTD mechanisms, namely Host Configuration Mutation and Network Configuration Mutation, are integrated to create a cohesive and more powerful composite MTD mechanism. To this end, the results of this research enable new theoretical foundations and transformative approaches in the science of moving target defense by contributing to the understanding of automated reasoning for moving target defense synthesis and evaluation. While this far-forward-looking EAGER proposal is high-risk, it is also high-value: the aim is to be always many steps ahead of attackers. Through the development of a framework for reasoning about MTD, MTD course modules will be developed. The software artifacts permit further experimentation and progress in this area.

Publications Produced as a Result of this Research

Jafar Haadi Jafarian, Ehab Al-Shaer, and Qi Duan, "An Effective Address Mutation Approach for Disrupting Reconnaissance Attacks," IEEE Transactions on Information Forensics and Security, v.10, 2015, p.2562 - 25. doi:10.1109/TIFS.2015.2467358

Project Outcomes Report


This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

Cyber mutation is a novel, game-changing cyber defense approach that frequently changes (mutates) the cyber configuration in an unpredictable yet safe manner to make attack planning and execution much harder, more expensive and/or potentially detectable and infeasible. There are many various cyber mutation techniques including Random Host Mutation, Random Route Mutation, Fingerprinting Mutation, and others.

The goals of this project are to develop a theoretical framework to integrate multiple adaptive cyber mutation strategies deployed simultaneously on the same cyber system in order to increase uncertainty on the adversary while avoiding conflicts and preserving the system requirements.

For this purpose, we developed a novel technique that establishes proactive adaptability into the network in order to defend enterprises from known and unknown (zero-day) external and internal reconnaissance and scanning. Our approach randomizes (i.e., changes) the IP addresses of network hosts frequently, in order to make them untraceable for network reconnaissance attacks. The distribution based on which these addresses are assigned to network hosts, as well as the rate with which the addresses are randomized, is adaptively determined by considering a potential attacker's actions.

The adaptation is fast and accurate, both in terms of characterizing the attack and deploying the new configuration. To achieve a fast and accurate characterization of adversarial scanning strategies, we observe the sequence of unsuccessful probes that are generated by network hosts and estimate their distribution using statistical hypothesis testing. These hypotheses are tested in a sequential manner, thus incurring low computational overhead while successfully characterizing and reacting to the attacker (scanner) strategy, without breaking any of the cyber operational requirements. Our evaluation shows that when using our adaptive mutation technique, the traditional scanners cannot discover more than 1% of cyber assets and the mutation cost is negligible.

Last Modified: 10/01/2016
Modified by: Ehab S Al-Shaer