Vulnerability defence using hybrid moving target defence in Internet of Things systems

Abstract

Cyber threat actors are increasingly targeting networked assets and critical infrastructure, with the potential for major socioeconomic impacts. Moving target defence (MTD) is a cyber defence paradigm that creates constantly shifting attack surfaces (i.e., vulnerabilities). It intends to make it more difficult for cyber adversaries to exploit systems, thereby increasing costs and chances of detection. There is a lack of research into the efficiency of combined MTD techniques, especially regarding several types of security considerations like time, cost, and effort. This gap is particularly significant in the Internet of Things (IoT) context, where security problems arise from its heterogeneous architecture. Moreover, MTD may result in the overutilization of network and system resources to enhance cybersecurity. We present a Vulnerability Defence method to address this issue using the three-layer Temporal Hierarchical Attack Representation Model (3-layer-THARM). This approach overcomes this difficulty by evaluating the safety of aggregated network states, considering security metrics in each state and the accessibility of network nodes and edges. Using this model, we can recognize probable attack scenarios in the context of Internet of Things (IoT) systems, conduct a thorough security analysis of the IoT system using well-defined security metrics, and assess the effectiveness of various defence tactics. This feature inherently introduces an additional level of security for the system. Furthermore, this model showcases the ability to identify potential attack pathways and effectively mitigate the consequences of such attacks. Our analysis reveals a noteworthy trend: combining MTD techniques from different categories, such as shuffle and diversity, generally produces more favorable outcomes, including a lower probability of attack success, lower attack risk and higher attack cost.