A Survey of Moving Target Defenses for Network Security
IEEE Communications Surveys & Tutorials (IF 35.6), Pub Date: 2020-01-01, DOI: 10.1109/comst.2020.2982955
Sailik Sengupta, Ankur Chowdhary, Abdulhakim Sabur, Adel Alshamrani, Dijiang Huang, Subbarao Kambhampati

Network defenses based on traditional tools, techniques, and procedures (TTP) fail to account for the attacker's inherent advantage, which arises from the static nature of network services and configurations. To take away this asymmetric advantage, Moving Target Defense (MTD) continuously shifts the configuration of the underlying system, in turn reducing the success rate of cyberattacks. In this survey, we analyze the recent advancements made in the development of MTDs and highlight how these defenses can be (1) defined using common terminology, (2) made more effective with the use of artificial intelligence techniques for decision making, (3) implemented in practice, and (4) evaluated. We first define an MTD using a simple and yet general notation that captures the key aspects of such defenses. We then categorize these defenses into different sub-classes depending on what they move, when they move and how they move. In trying to answer the latter question, we showcase how the use of domain knowledge and game-theoretic modeling can help the defender come up with effective and efficient movement strategies. Second, to understand the practicality of these defense methods, we discuss how various MTDs have been implemented and find that networking technologies such as Software Defined Networking and Network Function Virtualization act as key enablers for implementing these dynamic defenses. We then briefly highlight MTD test-beds and case studies to aid readers who want to examine or deploy existing MTD techniques. Third, our survey categorizes proposed MTDs based on the qualitative and quantitative metrics they utilize to evaluate their effectiveness in terms of security and performance. We use well-defined metrics such as risk analysis and performance costs for qualitative evaluation and metrics based on Confidentiality, Integrity, Availability (CIA), attack representation, QoS impact, and targeted threat models for quantitative evaluation. Finally, we show that our categorization of MTDs is effective in identifying novel research areas and highlight directions for future research.

Updated: 2020-01-01