Moving target defense through evolutionary algorithms.

2020 
Moving target defense is a technique for protecting internet-facing systems by creating a variable attack surface: a profile that keeps changing while still providing the same service to legitimate users. For internet servers, this can be achieved by generating different configurations that change the service profile, and applying them under a policy of restarting services with new configurations after a random time and with a random frequency. In this paper we present a method based on evolutionary algorithms that uses industry-standard practices to score the vulnerability of a server and is designed to generate multiple configurations with optimized scores in every run of the algorithm. We improve on a previous version of the method by tuning the evolutionary algorithm to cope with a very costly fitness evaluation, which allows only a very limited evaluation budget.