Moving Target Defense (MTD) has recently emerged as a game changer in the security landscape due to its proven potential to introduce asymmetric uncertainty that gives the defender a tactical advantage over the attacker. Many different MTD techniques have been developed, but, despite the huge progress made in this area, critical gaps still exist with respect to the problem of studying and quantifying the cost and benefits of deploying MTDs. In fact, all existing techniques address a very narrow set of attack vectors, and, due to the lack of shared metrics, it is difficult to quantify and compare multiple techniques. Building on our preliminary work in this field, we propose a quantitative analytic model for assessing the resource availability and performance of MTDs, and a method for maximizing a utility function that captures the tradeoffs between security and performance. The proposed model generalizes our previous model and can be applied to a wider range of MTDs and operational scenarios to improve availability and performance by imposing limits on the maximum number of resources that can be in the process of being reconfigured. The analytic results are validated by simulation and experimentation, confirming the accuracy of our model.

中文翻译：

---

具有重新配置限制的移动目标防御的性能建模

移动目标防御 (MTD) 最近已成为安全领域的游戏规则改变者，因为它被证明有可能引入不对称的不确定性，使防御者比攻击者具有战术优势。已经开发了许多不同的 MTD 技术，但是，尽管在该领域取得了巨大进展，但在研究和量化部署 MTD 的成本和收益的问题方面仍然存在重大差距。事实上，所有现有技术都针对一组非常狭窄的攻击向量，并且由于缺乏共享指标，很难量化和比较多种技术。基于我们在该领域的初步工作，我们提出了一个定量分析模型，用于评估 MTD 的资源可用性和性能，以及一种最大化效用函数的方法，该函数捕获了安全性和性能之间的权衡。所提出的模型概括了我们之前的模型，可以应用于更广泛的 MTD 和操作场景，通过对可重新配置的最大资源数量施加限制来提高可用性和性能。分析结果通过模拟和实验验证，证实了我们模型的准确性。