Quantifying Cybersecurity Effectiveness of Dynamic Network Diversity

TL;DR

This paper introduces a systematic framework and metrics to quantify how effective network-wide software diversity is in enhancing cybersecurity, supported by agent-based simulations.

Contribution

It develops a novel framework and metrics for assessing cybersecurity benefits of network diversity, addressing a gap in existing research.

Findings

Reactive-adaptive diversity outperforms proactive diversity in most scenarios

The framework provides measurable insights into cybersecurity effectiveness

Simulations validate the practical usefulness of the proposed metrics

Abstract

The deployment of monoculture software stacks can have devastating consequences because a single attack can compromise all of the vulnerable computers in cyberspace. This one-vulnerability-affects-all phenomenon will continue until after software stacks are diversified, which is well recognized by the research community. However, existing studies mainly focused on investigating the effectiveness of software diversity at the building-block level (e.g., whether two independent implementations indeed exhibit independent vulnerabilities); the effectiveness of enforcing network-wide software diversity is little understood, despite its importance in possibly helping justify investment in software diversification. As a first step towards ultimately tackling this problem, we propose a systematic framework for modeling and quantifying the cybersecurity effectiveness of network diversity, including a suite of cybersecurity metrics. We also present an agent-based simulation to empirically demonstrate the usefulness of the framework. We draw a number of insights, including the surprising result that proactive diversity is effective under very special circumstances, but reactive-adaptive diversity is much more effective in most cases.