Moving Target Defense for Web Applications using Bayesian Stackelberg Games
Sailik Sengupta, Satya Gautam Vadlamudi, Subbarao Kambhampati, Marthony Taguinod, Adam Doupé, Ziming Zhao, Gail-Joon Ahn

TL;DR
This paper introduces a Bayesian game-based framework for moving target defense in web applications, optimizing configuration switching strategies to enhance security while considering costs and attacker uncertainties.
Contribution
It models MTD as a repeated Bayesian game, formulates an optimization for switching strategies, and develops an automated system using CVE data for realistic attacker modeling.
Findings
The framework effectively generates switching strategies that improve security.
It incorporates real-world vulnerability data for realistic attacker modeling.
The system demonstrates robustness under attacker information uncertainty.
Abstract
The present complexity in designing web applications makes software security a difficult goal to achieve. An attacker can explore a deployed service on the web and attack at his/her own leisure. Moving Target Defense (MTD) in web applications is an effective mechanism to nullify this advantage of their reconnaissance but the framework demands a good switching strategy when switching between multiple configurations for its web-stack. To address this issue, we propose modeling of a real-world MTD web application as a repeated Bayesian game. We then formulate an optimization problem that generates an effective switching strategy while considering the cost of switching between different web-stack configurations. To incorporate this model into a developed MTD system, we develop an automated system for generating attack sets of Common Vulnerabilities and Exposures (CVEs) for input attacker…
Taxonomy
Topics: Web Application Security Vulnerabilities · Network Security and Intrusion Detection · Information and Cyber Security
