부산대학교 도서관

This article presents the results of a process to quantify the computational costs required by movements in endpoint detection and response (EDR) systems based on Moving Target Defense (MTD), under conditions close to real production. Our approach focuses on the different levels of abstraction in which a movement can be executed, including movements within the system, movements within the running application or service, movements within the operating system, and interactions beyond the boundaries of the operating system. A taxonomy of classification by type of movement executed at an end point is presented. The taxonomy considers the characteristics and the impact on the consumption of resources necessary for the execution of the movements in the endpoint. The process includes designing and selecting the most representative test scenarios that closely real-world environments. It also involves defining key variables to quantify, such as execution time and resource consumption. We report the tools and technologies used for executing the tests and collecting quantified data. Finally, we analyze and discuss of the achieved best results. This analysis provides a clear understanding of the implications and consequences of each type of movement, identifying patterns and trends in it is execution. The results enable informed decision-making when implementing MTD-based strategies.