This survey examines recent strategic approaches to Moving Target Defense (MTD) and self-defending systems, focusing on their strategy design, reconfiguration mechanisms, and adaptive behavior within cybersecurity contexts. Through a structured review of scientific literature, the study classifies existing approaches across multiple groups, including strategic objectives, threat models, control models, agent integration, and protected assets. The classification reveals recurring patterns, unresolved challenges, and conceptual gaps, particularly the common tendency to reduce strategies to isolated technical mechanisms. This observation motivates a rethinking of how strategy is defined and design in cybersecurity defense systems. As a contribution, the article presents StratEDR, a novel conceptual MTD strategy based on a language-model-driven agent that governs behavioral inspection and movement decisions within a honeypot environment. Suspicious traffic, flagged by external systems such as SIEM or IDS, is redirected to this environment, where the agent analyzes activity prior to authorizing access to the production infrastructure. The insights and classification framework offered in this work are intended to support researchers and professionals in analyzing, comparing, and designing dynamic defense strategies with greater architectural clarity and strategic intent.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Rethinking Dynamic Security Strategies: A Survey of Moving Target Defense and Self-Defending Systems Design

  • Alan Ignacio Delgado Alarcon,
  • Eleazar Aguirre Anaya,
  • Nidia Asunción Cortez Duarte,
  • Florencio Javier González Rodríguez

摘要

This survey examines recent strategic approaches to Moving Target Defense (MTD) and self-defending systems, focusing on their strategy design, reconfiguration mechanisms, and adaptive behavior within cybersecurity contexts. Through a structured review of scientific literature, the study classifies existing approaches across multiple groups, including strategic objectives, threat models, control models, agent integration, and protected assets. The classification reveals recurring patterns, unresolved challenges, and conceptual gaps, particularly the common tendency to reduce strategies to isolated technical mechanisms. This observation motivates a rethinking of how strategy is defined and design in cybersecurity defense systems. As a contribution, the article presents StratEDR, a novel conceptual MTD strategy based on a language-model-driven agent that governs behavioral inspection and movement decisions within a honeypot environment. Suspicious traffic, flagged by external systems such as SIEM or IDS, is redirected to this environment, where the agent analyzes activity prior to authorizing access to the production infrastructure. The insights and classification framework offered in this work are intended to support researchers and professionals in analyzing, comparing, and designing dynamic defense strategies with greater architectural clarity and strategic intent.