Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6–9, 2021, Proceedings, Part I

Research Article

Repeatable Experimentation for Cybersecurity Moving Target Defense

  • @INPROCEEDINGS{10.1007/978-3-030-90019-9_5,
        author={Jaime C. Acosta and Luisana Clarke and Stephanie Medina and Monika Akbar and Mahmud Shahriar Hossain and Frederica Free-Nelson},
        title={Repeatable Experimentation for Cybersecurity Moving Target Defense},
        proceedings={Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6--9, 2021, Proceedings, Part I},
        proceedings_a={SECURECOMM},
        year={2021},
        month={11},
        keywords={Cybersecurity Repeatable experimentation Dynamic defense Moving target defense},
        doi={10.1007/978-3-030-90019-9_5}
    }
    
  • Jaime C. Acosta
    Luisana Clarke
    Stephanie Medina
    Monika Akbar
    Mahmud Shahriar Hossain
    Frederica Free-Nelson
    Year: 2021
    Repeatable Experimentation for Cybersecurity Moving Target Defense
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-030-90019-9_5
Jaime C. Acosta1, Luisana Clarke2, Stephanie Medina2, Monika Akbar2, Mahmud Shahriar Hossain2, Frederica Free-Nelson1
  • 1: DEVCOM Army Research Laboratory
  • 2: University of Texas at El Paso

Abstract

The scientific method emphasizes that repeatable experimentation is critical for several reasons; to facilitate comparative analysis, to recreate experiments, to re-validate reported results, to critique and propose improvements, and to augment the work. In the field of cybersecurity moving target defense, where assets are shuffled to thwart attackers, it is critical to know what strategies work best, the success factors, and how these strategies may impact system performance. While some researchers make their algorithms, models, and tools available as open source, it is difficult and, in some cases, impossible to recreate studies due to the lack of the original operating environment or no support for software components used within that environment.