Abstract
Web servers are targets for cyberattacks because they contain valuable information, which could facilitate interactions with another system or damage an organization’s reputation. In the last two decades, Moving Target Defense (MTD) research has gained attention as a cyber resilient technique to mitigate cyber threats. However, most MTD work focuses on the network layer, and there is not much work to support the service layer. This research is an experimental evaluation of Dynamic Application Rotational Environment (DARE) and Dare IMproved (DIM). DIM is an enhanced version of DARE that leverages a host-based firewall to rotate between web servers located on the same host. The main contribution of this work is furthering the understanding of implementing a centralized host-based MTD architecture for web servers. Results show that DIM can maintain availability while thwarting attacks, whereas DARE limits the availability of the web server.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Carter, K.M., Riordan, J.F., Okhravi, H.: A game theoretic approach to strategy determination for dynamic platform defenses. In: Proceedings of the First ACM Workshop on Moving Target Defense, pp. 21–30. ACM, Scottsdale, Arizona, USA (2014)
Company, N.L.: October 2021 web survey survey (2021). https://news.netcraft.com/archives/2021/10/15/october-2021-web-server-survey.htmll
Cox, B., Evans, D., Filipi, A., Rowanhill, J., Hu, W., Davidson, J., Knight, J., Nguyen-tuong, A., Hiser, J.: N-variant systems: A secretless framework for security through diversity. In: In Proceedings of the 15th USENIX Security Symposium, pp. 105–120. Citeseer, USENIX, Cancouver, B.C., Canada (2006)
Fol, C.: Carpe (diem): Cve-2019-0211 apache root privilege escalation. Github (2019). https://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache
Fol, C.: CVE-2019-0211. The National Institute of Standards and Technology , CVE-ID CVE-2019-0211 (2019). https://nvd.nist.gov/vuln/detail/CVE-2019-0211
Hennion, N.: Glances (2017). http://glances.readthedocs.io/en/latest/
Lyon, G.: Nmap (2017). https://nmap.org/
Miehling, E., Rasouli, M., Teneketzis, D.: Optimal defense policies for partially observable spreading processes on bayesian attack graphs. In: Proceedings of the Second ACM Workshop on Moving Target Defense, pp. 67–76. ACM, Denver, Colorado, USA (2015)
Reitz, K.: Requests: Http for humans (2021). https://docs.python-requests.org/en/latest/
Thompson, M., Mendolla, M., Muggler, M., Ike, M.: Dynamic application rotation environment for moving target defense. In: 2016 Resilience Week (RWS), pp. 17–26. IEEE, Chicago, IL, USA (2016). https://doi.org/10.1109/RWEEK.2016.7573301
Welte, H., Ayuso, P.N.: The netfilter.org iptbles project (2014). http://www.netfilter.org/projects/iptables/index.html
Zhu, Q., Başar, T.: Game-theoretic approach to feedback-driven multi-stage moving target defense. In: International Conference on Decision and Game Theory for Security, pp. 246–263. Springer, Fort Worth, TX, USA (2013)
Zhuang, R., Zhang, S., Deloach, S.A., Ou, X., Singhal, A.: Simulation-based approaches to studying effectiveness of moving-target network defense. NSF, Annapolis, MD (2012)
Acknowledgements
This work is a joint collaboration between Pacific Northwest National Laboratory and Argonne National Laboratory. Argonne National Laboratory’s work was supported by the U.S. Department of Energy, Office of Science under Contract No.DE-AC02-06CH11357. Any opinions, findings, conclusions, or recommendations expressed in this material are those of the authors and do not necessarily reflect those of the sponsors of this work.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Wright-Hamor, C., Bisinger, S., Neel, J., Blakely, B., Evans, N. (2023). A Preventative Moving Target Defense Solution for Web Servers Using Iptables. In: Onwubiko, C., et al. Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media. Springer Proceedings in Complexity. Springer, Singapore. https://doi.org/10.1007/978-981-19-6414-5_11
Download citation
DOI: https://doi.org/10.1007/978-981-19-6414-5_11
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-6413-8
Online ISBN: 978-981-19-6414-5
eBook Packages: Physics and AstronomyPhysics and Astronomy (R0)