Moving Target Defense (MTD) is a way of defending networked systems on different levels. It mainly focuses on shifting the different surfaces of the protected environment. As a result, the formerly static attack surface behaves dynamically, and the mapping of ports to services and of network addresses to hosts can be changed. Most MTD approaches have only been evaluated theoretically, and comparisons are still lacking. Hence, based on existing results, it is not possible to contrast implementations such as port hopping (PH) and network address shuffling (NAS) in terms of security and network performance. To mitigate these shortcomings, we developed a hybrid platform that evaluates such techniques and provides additional features, such as a connection tracker with a fingerprinting service and a honeypot module, which helps to bypass attackers' attempts.
Recommended citation: R. Poschinger, N. Rodday, R. Labaca-Castro, G. Dreo Rodosek: OpenMTD: A Framework for Efficient Network-Level MTD Evaluation. ACM 27th Conference on Computer and Communications Security (CCS), Orlando, United States, November 09, 2020.