Agent-based simulation in support of moving target cyber defense technology development and evaluation

Moving target (MT) technologies are a class of cyber security defensive techniques that seek to protect computer networks by making them less homogenous, less static, and less deterministic in order to increase the complexity required for a successful cyber attack. MT techniques are associated with performance costs, and thus their effectiveness and overhead must be evaluated before deployment in a live setting. However, testing the effectiveness and usage costs of a newly-developed MT technique on a live computer network is a costly process. This paper presents an agent-based approach for simulating an operational network and measuring the impact of security policies that incorporate MT technologies. The proposed agent-based simulation system (ABS) is intended to evaluate candidate MT techniques and provide important and cost-effective support for the overall MT technology development and testing process. We demonstrate the ABS model via a case study that evaluates a particular MT technology and discuss how this evaluation via simulation can be used to support the larger process of MT technology development and testing.