Defending from Stealthy Botnets Using Moving Target Defenses

In today’s IT landscape, organizations are increasingly exposed to an array of novel and sophisticated threats, including advanced persistent threats (APTs) and distributed denial-of-service (DDoS) attacks, which can bypass traditional defenses and persist in target systems indefinitely. Threat actors often rely on networks of compromised, remotely controlled hosts, known as botnets, to execute a number of different cyberattacks and to engage in criminal or otherwise unauthorized activities. Protecting sensitive and mission-critical data from competitors, state actors, and organized crime has become increasingly critical to the well-being of many organizations. A promising approach to botnet detection and mitigation relies on moving target defense (MTD), a novel and game-changing approach to cyber defense. MTD creates asymmetric uncertainty, providing the defender with a tactical advantage over the attacker. MTD techniques are designed to continuously change or shift a system’s attack surface, thereby increasing the cost and complexity of an attack for the threat actor. We show how the botnet detection and mitigation problem can be decomposed into three related and relatively simpler challenges, and how these challenges can be effectively tackled by adopting an MTD approach, ultimately limiting the ability of a botnet to persist within a target system.