Stationary Models of Adversarial Coupon Collection with an Application to Moving-Target Defense
摘要
In cybersecurity, moving-target defense (MTD) mitigates reconnaissance attacks from botnets by periodically resetting server identities, disrupting adversarial intelligence gathering. We model this defense mechanism as a dynamic coupon collection process, where servers correspond to coupon types and botnet attacks to coupon acquisitions. The defender’s intervention (removing collected coupons) represents server resets, restoring their uncompromised state. In this paper, we derive various results regarding the number of compromised servers under various stochastic attack-defense dynamics.