A New Dynamic Cyber Defense Framework


Jim Q. Chen (DoD National Defense University, Washington, D.C., United States)
Copyright: © 2017 | Pages: 9
DOI: 10.4018/IJCWT.2017100102


Current approaches in cyber defense are flawed as they are fortress-based and generally static in nature. They are not flexible in dealing with variations of attacks, especially zero-day attacks. To address this issue, researchers have looked into dynamic cyber defense. However, the available approaches are either only about high-level strategies or only about specific tactics. There is no integrated approach that brings both levels together in a systematic way. This research article intends to address this challenge by proposing a new dynamic cyber defense framework that is systematic and cohesive, and that integrates strategic, operational, and tactical levels. It improves the research in dynamic cyber defense by employing game-changing elements such as a contextual analysis system and an intelligent decision-making system.
Article Preview


There is a dilemma in cybersecurity. Significant investment has been made to protect computing devices, systems, and data. However, devices and systems are still being hacked and compromised, and data are still being stolen. What has gone wrong in cyber defense? An examination of the apparatus available to defend cyberspace reveals that most solutions are static in nature; namely, computing devices, systems, and data are protected within a fortress that has layers of defense such as firewalls, intrusion detection and intrusion prevention systems, anti-malware software, access control systems, continuous monitoring systems, and logging systems. To the outside world, it is obvious that the assets are held inside the fortress. If one could bypass the layers of defense, one could get access to the crown jewels of information. The static character of this arrangement is further consolidated by the use of static Ethernet (MAC) addresses and static IP addresses, which serve as targets for search engines such as Shodan, which indexes devices reachable over the Internet. In addition, the use of the TCP/IP stack itself may introduce other risks and unexpected consequences. Kovacs (2015) notes that the remotely exploitable TCP/IP stack vulnerability (CVE-2014-9196) “could allow an attacker to launch man-in-the-middle (MitM) attacks against [the Eaton Cooper Power Series Form 6 recloser control and Idea/IdeaPLUS relay protection platforms] products that are accessible via the Internet”. As explained on the MITRE CVE web site (2015), these power grid control and relay products generate “TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value”. In this sense, the attack surface is greatly increased if a device is connected to the Internet with an IP address, especially a static IP address.
Industrial control systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Internet/web cameras, and routers are good examples, as they are among the most popular search terms in Shodan.
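The linear-ISN weakness the MITRE entry describes is easiest to see by running the attacker's arithmetic. The following is an added example, not code from the article or from the affected products: it models a stack that advances the ISN by a fixed step per connection beside an RFC 6528-style keyed-hash generator (the start value, step, clock advance, secret and addresses are constructed for the demo), and shows that two observed ISNs let a blind spoofer predict the third in the linear case but not in the hashed one.

```python
import hashlib
import hmac
import secrets

MASK32 = 0xFFFFFFFF


class LinearISNGenerator:
    """Stack that advances the ISN by a fixed step on every new connection.

    Models the weakness class MITRE describes for CVE-2014-9196 (ISNs
    generated linearly). Start and step are constructed demo values, not
    the affected products' real constants.
    """

    def __init__(self, start=0x00001000, step=64000):
        self._next = start
        self._step = step

    def next_isn(self, src_ip, src_port, dst_ip, dst_port):
        isn = self._next
        self._next = (self._next + self._step) & MASK32
        return isn


class HashedISNGenerator:
    """RFC 6528-style stack: ISN = M + F(4-tuple, secret), where M is a clock
    and F is a keyed hash, so ISNs of different connections bear no usable
    relation to each other."""

    def __init__(self, secret=None, tick_per_conn=250_000):
        self._secret = secret if secret is not None else secrets.token_bytes(32)
        self._clock = 0
        self._tick = tick_per_conn  # assumed clock advance between connections

    def next_isn(self, src_ip, src_port, dst_ip, dst_port):
        self._clock = (self._clock + self._tick) & MASK32
        tuple_bytes = f"{src_ip}:{src_port}->{dst_ip}:{dst_port}".encode()
        digest = hmac.new(self._secret, tuple_bytes, hashlib.sha256).digest()
        f = int.from_bytes(digest[:4], "big")
        return (self._clock + f) & MASK32


def predict_next_isn(observed):
    """Attacker's model: assume linear generation and extrapolate from the
    last two ISNs it observed (modulo 2^32)."""
    a, b = observed[-2], observed[-1]
    step = (b - a) & MASK32
    return (b + step) & MASK32


def blind_spoof_succeeds(server, probes=2):
    """Blind TCP spoofing scenario: the attacker opens `probes` legitimate
    connections from its own address to sample ISNs, then must guess the ISN
    the server picks for a victim connection it cannot observe.
    All addresses and ports are constructed sample values."""
    observed = [server.next_isn("198.51.100.7", 40000 + i, "192.0.2.10", 502)
                for i in range(probes)]
    guess = predict_next_isn(observed)
    actual = server.next_isn("192.0.2.50", 51000, "192.0.2.10", 502)
    return guess == actual


if __name__ == "__main__":
    print("linear ISN, blind spoof succeeds:", blind_spoof_succeeds(LinearISNGenerator()))
    print("hashed ISN, blind spoof succeeds:", blind_spoof_succeeds(HashedISNGenerator()))
```

The point a practitioner should take from this is the scope of the fix: a predictable ISN lets an off-path attacker complete a spoofed handshake or inject segments into someone else's session, and a keyed-hash ISN defeats exactly that class of attacker. It does nothing against an adversary who can already see the traffic, which is why the address-level exposure discussed above still matters.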

To reduce the attack surface, the mindset in defense needs to change. If a computing device is made into a moving target, or at least appears to be one, the level of difficulty for attackers increases. The question is how to make that happen. In the literature, some researchers design obscurity methods, such as methods of making IP addresses anonymous or obscure and methods of hiding IP addresses. Other researchers propose dynamic addressing. All of these methods have clear advantages over static addressing, including the DHCP method. However, they have not been successfully implemented. It is odd that these ideas have not been put into use even though they have significant potential. This research article attempts to analyze, from different perspectives, the reasons for this odd phenomenon and to find its root cause. This analysis leads to the exploration of an innovative solution that incorporates contextual analysis into dynamic defense in order to customize dynamic changes.
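One concrete form of the dynamic addressing mentioned above is synchronised address hopping: authorised peers derive a host's current address from a shared secret and a time epoch, so an address recorded by a scanner goes stale at the next hop. The block below is an added illustration, not the article's framework or any particular researcher's published scheme; the secret, the 10.0.0.0/24 prefix, the host names and the 60-second period are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample parameters (assumptions, not from the article).
SECRET = b"shared-hopping-secret-for-demo-only"
PREFIX = "10.0.0.0/24"
HOSTS = ["plc-01", "rtu-02", "cam-03"]


def hop_address(secret, prefix, host_id, epoch, counter=0):
    """Address a host uses during one epoch: a keyed hash of (host_id, epoch,
    counter) mapped onto the usable host range of `prefix`. Both ends derive
    it independently from the shared secret; an observer without the secret
    sees addresses that change every epoch with no pattern to extrapolate."""
    net = ipaddress.ip_network(prefix)
    msg = host_id.encode() + epoch.to_bytes(8, "big") + counter.to_bytes(2, "big")
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    usable = net.num_addresses - 2          # exclude network and broadcast
    offset = 1 + int.from_bytes(digest[:8], "big") % usable
    return net.network_address + offset


def in_usable_range(addr, prefix):
    """True if addr is a host address inside prefix (not network/broadcast)."""
    net = ipaddress.ip_network(prefix)
    return addr in net and addr not in (net.network_address, net.broadcast_address)


def epoch_for(unix_time, period_seconds=60):
    """Hop interval index; peers need only loosely synchronised clocks."""
    return int(unix_time) // period_seconds


def assign_epoch(secret, prefix, host_ids, epoch):
    """Address plan for every hopping host in one epoch. Two hosts can hash to
    the same slot, so collisions are resolved deterministically by bumping
    `counter`; every party must process host_ids in the same (sorted) order
    to arrive at the same plan."""
    net = ipaddress.ip_network(prefix)
    if len(host_ids) > net.num_addresses - 2:
        raise ValueError("more hosts than usable addresses in prefix")
    plan, taken = {}, set()
    for host in sorted(host_ids):
        counter = 0
        addr = hop_address(secret, prefix, host, epoch, counter)
        while addr in taken:
            counter += 1
            addr = hop_address(secret, prefix, host, epoch, counter)
        plan[host] = addr
        taken.add(addr)
    return plan


def stale_scan_hits(secret, prefix, host, scan_epoch, probe_epoch):
    """Does the address an attacker recorded in scan_epoch (e.g. from a
    Shodan-style sweep) still belong to the host in probe_epoch?"""
    return (hop_address(secret, prefix, host, scan_epoch)
            == hop_address(secret, prefix, host, probe_epoch))


if __name__ == "__main__":
    for e in range(3):
        print(f"epoch {e}:", {h: str(a) for h, a in assign_epoch(SECRET, PREFIX, HOSTS, e).items()})
```

Two caveats belong with any such scheme. Hopping hides where a service is, not what it is: an adversary who is on-path, or who already holds a session, follows the host to its new address, and the host's own ARP, DNS and switch state must be updated on every hop. This is part of why the paragraph's observation that these methods have not been successfully implemented is unsurprising; the operational cost of keeping the rest of the network consistent with the moving address is the hard part.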

This article is organized as follows. In the first section, an introduction to the challenge is provided. Next, related works are examined. The current approaches and their limitations are also analyzed. In the next section, an innovative solution is proposed. Next, the proposed approach is further discussed and applied to a specific case. Its advantages are discussed. Directions for future research are also suggested. Finally, a conclusion is drawn.
