Academic Paper

Optimized Moving Target Defense Against DDoS Attacks in IoT Networks: When to Adapt?
Document Type
Conference
Source
GLOBECOM 2022 - 2022 IEEE Global Communications Conference (48099), pp. 2782-2787, Dec. 2022
Subject
Communication, Networking and Broadcast Technologies
Components, Circuits, Devices and Systems
Engineering Profession
General Topics for Engineers
Power, Energy and Industry Applications
Signal Processing and Analysis
Performance evaluation
Degradation
Reconnaissance
Denial-of-service attack
Nash equilibrium
Timing
Internet of Things
Moving Target Defense
IoT networks
game theory
DDoS attacks
Language
Abstract
Moving Target Defense (MTD) has proven to be a powerful security concept for threat prevention in critical systems, and has been recently applied to protect IoT networks by attempting to dynamically shift the attack surface over time. IoT devices usually have low computational capabilities, making it difficult to implement advanced security features to combat cyber attacks, especially Distributed Denial of Service (DDoS), which has been shown to be a serious threat to edge/cloud networks. Hence, the idea of a network-based MTD consisting of strategic movement of IoT network parameters such as IP addresses and port numbers to avoid a static configuration is very appealing as a way to make it difficult for an attacker to infiltrate the network and compromise devices following prolonged reconnaissance. However, designing effective MTD strategies is challenging, especially when maintaining IoT service performance is key. This paper addresses the following question: When is the right time to trigger MTD adaptations in a resource-constrained IoT network vulnerable to DoS attacks? To answer this question, the paper formulates an optimization problem in an MTD-driven IoT system using a game-theoretic model. The problem is then solved to produce the optimal defense strategies against DDoS attacks, allowing the system to make dynamic MTD decisions over time following the analysis of Nash equilibrium points in terms of various network configurations.