Automated benchmark network diversification for realistic attack simulation with application to moving target defense
International Journal of Information Security (IF 2.4), Pub Date: 2021-05-31, DOI: 10.1007/s10207-021-00552-9
Alexander Bajic, Georg T. Becker

With numbers of exploitable vulnerabilities and attacks on networks constantly increasing, it is important to employ defensive techniques to protect one’s systems. A wide range of defenses are available and new paradigms such as Moving Target Defense (MTD) rise in popularity. But to make informed decisions on which defenses to implement, it is necessary to evaluate their effectiveness first. In many cases, the full impact these techniques have on security is not well understood yet. In this paper we propose network defense evaluation based on detailed attack simulation. Using a flexible modeling language, networks, attacks, and defenses are described in high detail, yielding a fine-grained scenario definition. Based on this, an automated instantiator generates a wide range of realistic benchmark networks. These serve to perform simulations, allowing to evaluate the security impact of different defenses, both quantitatively and qualitatively. A case study based on a mid-sized corporate network scenario and different Moving Target Defenses illustrates the usefulness of this approach. Results show that virtual machine migration, a frequently suggested MTD technique, more often degrades than improves security. Hence, we argue that evaluation based on realistic attack simulation is a qualified approach to examine and verify claims of newly proposed defense techniques.




Updated: 2021-06-01