Homogeneous networked systems are at high risk of being compromised by malicious attacks that exploit a single weakness common to all. Following the survivability through heterogeneity philosophy, we present a novel approach to improving survivability of networked systems via software diversity. In this work, we propose an algorithm for assigning a number of software packages over a network of systems in an intelligent way such that machines running identical software are isolated into small “islands”, hence restricting the worm-like attacks from propagation. While developing the algorithm, we take into consideration not only practical constraints, including host functionality and software availability, but also weight, severity and impact range of vulnerability, well balancing and effectively minimizing the potential damage by an single attack. We also introduce possible enhancements by taking advantage of topological features of the network. Finally, we present a comparative analysis of our algorithm using simulation over various network structures. The results not only confirm the effectiveness and scalability of our algorithm, but also show its capability in creating moving attack surface. The level of heterogeneity our algorithm can actually create depends on the ratio of the number of installed software to the total number of available software.
All Science Journal Classification (ASJC) codes
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications