Third ACM Workshop on Moving Target Defense (MTD 2016)

In conjunction with the 23rd ACM Conference on Computer and Communications Security (CCS)
October 24-28, 2016, Vienna, Austria

CFP | Submission | Dates| Keynote Speakers | Program | Organizers


Call for Papers

Venue: MTD 2016 will be held on the first day of the 23rd ACM CCS (Conference on Computer and Communications Security, October 24-28, 2016) at the Hofburg Palace, Vienna, Austria.

Background: The static nature of current computing systems has made them easy to attack and harder to defend. Adversaries have an asymmetric advantage in that they have the time to study a system, identify its vulnerabilities, and choose the time and place of attack to gain the maximum benefit. The idea of moving-target defense (MTD) is to impose the same asymmetric disadvantage on attackers by making systems dynamic and therefore harder to explore and predict. With a constantly changing system and its ever adapting attack surface, attackers will have to deal with a great deal of uncertainty just like defenders do today. The ultimate goal of MTD is to increase the attackers’ workload so as to level the cybersecurity playing field for both defenders and attackers - hopefully even tilting it in favor of the defender.


Workshop Goals: This workshop seeks to bring together researchers from academia, government, and industry to report on the latest research efforts on moving-target defense, and to have productive discussion and constructive debate on this topic. We solicit paper and system demo submissions on original research in the broad area of MTD, with possible topics such as those listed below. Since MTD research is still in its nascent stage, the list should only be used as a reference.  We welcome all works that fall under the broad scope of moving target defense, including research that shows negative results.


·       System randomization

·       Artificial diversity

·       Cyber maneuver

·       Bio-inspired defenses

·       Dynamic network configuration

·       Moving target in the cloud

·       System diversification techniques

·       Dynamic compilation techniques

·       Adaptive defenses

·       MTD quantification methods and models

·       Large-scale MTD (using multiple techniques)

·       Moving target in software coding, application APIs virtualization

·       Autonomous technologies for MTD

·       Theoretic study on modeling trade-offs of using MTD approaches

·       Human, social, and psychology aspects of MTD

·       Other related areas


Paper Submissions


Paper submissions: Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Submissions should be at most 10 pages in the ACM double-column format, excluding well-marked appendices, and at most 12 pages in total. Submissions are not required to be anonymized.


System demo submissions: Each accepted system demo must be demonstrated on site by a registered workshop attendee; then a 2-page description can be included in the proceedings. System demo submissions should be at most 2 pages in the ACM double-column format, excluding well-marked appendices, and at most 4 pages in total. Submitted system demos must not substantially overlap system demos that have been published or that are simultaneously submitted to another conference with proceedings. Submissions are not required to be anonymized.


Submission web site: Both paper and system demo submissions are to be made to the submission web site at Only PDF files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits. Papers must be received by the deadline of July 27, 2016 to be considered. Notification of acceptance or rejection will be sent to authors by September 5, 2016. Authors of accepted papers must guarantee that one of the authors will register and present the paper at the workshop. Proceedings of the workshop will be available on a CD to the workshop attendees and will become part of the ACM Digital Library. 


Contact: Peng Liu and Cliff Wang, MTD 2016 Program Chairs,

Important Dates


·   Paper submission due: July 27, 2016 [FIRM]

·   Notification to authors: September 5, 2016

·   Camera ready due: September 12, 2016

·   Workshop date: October 24, 2016

Keynote Speakers

Title: A Cyber Mutation: Metrics, Techniques and Future Directions

Abstract: After decades of cyber warfare, it is well-known that the static and predictable behavior of cyber configuration provides a great advantage to adversaries to plan and launch their attack successfully. At the same time, as cyber-attacks are getting highly stealthy and more sophisticated, their detection and mitigation become much harder and expensive. We developed a new foundation for moving target defense (MTD) based on cyber mutation, as a new concept in cybersecurity to reverse this asymmetry in cyber warfare by embedding agility into cyber systems. Cyber mutation enables cyber systems to automatically change its configuration parameters in unpredictable, safe and adaptive manner in order to proactively achieve one or more of the following MTD goals: (1) deceiving attackers from reaching their goals, (2) disrupting their plans via changing adversarial behaviors, and (3) deterring adversaries by prohibitively increasing the attack effort and cost.

In this talk, we will present the formal foundations, metrics and framework for developing effective cyber mutation techniques. The talk will also review several examples of developed techniques including Random Host Mutation, Random Rout Mutation, fingerprinting mutation, and mutable virtual networks. The talk will also address the evaluation and lessons learned for advancing the future research in this area.

Bio: Dr. Ehab Al-Shaer is a Professor in Computer Science, the director of the Cyber Defense and Network Assurability (CyberDNA) Center, and the director of NSF IUCRC Center on Security Configuration Analytics and Automation in UNC Charlotte. His area of research expertise includes security analytics and automation, auto-resiliency, configuration verification and hardening for enterprise and cloud computing, cyber agility & moving target defense, security & resiliency of smart grid and IoT systems, security & resiliency metrics, and next-generation intrusion detection. Dr. Al-Shaer has edited/co-edited more than 9 books, and published about 190 refereed journals and conferences papers in his area. He was designated as a Subject Matter Expert (SME) in the area of security analytics and automation in DoD Information Assurance Newsletter published in 2011. He received the IBM Faculty Award in 2012. I was the General Chair of ACM Computer and Communication in 2009 and 2010 and NSF Workshop in Assurable and Usable Security Configuration in 2008. Dr. Al-Shaer was also the PC chair for many other conferences and workshops including ACM/IEEE SafeConfig 2009 and 2013, IEEE Integrated Management 2007, IEEE POLICY 2008, and others. Since he joined UNC Charlotte in 2009, Dr. Al-Shaer has received a total research funding of more than $8M from various government and industry sources including NSF, NSA, AFRL, ARO, Duke Energy, IBM, Bank of America, Wells Fargo, BB&T, RTI, DTCC and others.


Title: Moving Target Defense – A Journey from Idea to Product

Abstract: Today’s enterprise networks are “sitting ducks” waiting for attackers to exploit them. To a determined attacker, there are many ways to get inside an enterprise network, bypass any current protection technologies, and attack the intended targets. Innovations in cyber security technology are needed that go beyond what the current state of the art has to offer.

As part of the research and development community, we have participated in developing such innovative technologies providing moving target defense capabilities to enterprise networks. In particular, the Self-shielding Dynamic Network Architecture (SDNA) technology (currently known as CryptoniteNXT) dynamically alters an enterprise network’s appearance and behavior to stop cyber-attacks, including zero-day and targeted advanced persistent threats, while maintaining transparency to the user, application, and operating system. SDNA prevents an attacker from targeting, entering, or spreading through an enterprise network by adding dynamics that present a changing view of the network over space and time. If an attacker gains a foothold inside the enterprise network, for example, a malicious insider or a host compromised by a phishing attack, SDNA limits the attacker’s ability to spread and operate by constraining each host to an abstract, modified, and obfuscated view of the network.

SDNA is a unique offering in that it is pro-active in its protection and that it does not depend on continuous intervention from the Information Technology (IT) department to maintain a secure environment.  Based on the significant market potential of SDNA and excellent test results, we have spun off this technology as a separate company to raise commercial investment for product launch, marketing, sales, etc. It is anticipated that the matured SDNA products will greatly enhance the cyber security posture and reduce cyber security associated damage costs in a wide range of commercial and government sectors.

In this invited talk, Dr. Jason Li will describe the SDNA/CryptoniteNXT technology, its lifetime from inception to maturity, as well as lessons learned through the exciting journey of research, development, maturation, security testing/red teaming, and productization. The cyber moving target (MT) approach has been identified as one of the game-changing themes to rebalance the cyber landscape in favor of defense. MT techniques make cyber systems less static, less homogeneous, and less deterministic in order to create uncertainty for attackers. Although many MT techniques have been proposed in the literature, little has been done to evaluate their effectiveness, benefits, and weaknesses. In this talk, we describe the status quo in MT prototyping and evaluation and provide recommendations for a more systematic approach in designing and implementing more effective MT defenses.

Bio: Dr. Jason Li received his Ph.D. degree in Electrical and Computer Engineering from the University of Maryland at College Park. Currently he serves as the Vice President of Networks and Security at Intelligent Automation Inc. (IAI). Since joining IAI in 2005, in his various roles as Principal Investigator, Director, and Vice President, he initiated and directed R&D programs related to moving target defense, cyber situational awareness, realistic and repeatable wireless networks test and evaluation, efficient protocol design and development, attack impact analysis, airborne networks technologies and complex networks. Today, Dr. Li is focused on the transition and productization of IAI’s network and cyber technologies to the government programs and the commercial sector. Dr. Li co-invented the SDNA technology with Dr. Justin Yackoski (now CTO at IAI’s spin-off company Cryptonite LLC) and has overseen the process of SDNA technology development and maturation. Another recent transition success led by Dr. Li includes IAI’s RFnest™ technology and product line, which significantly improves the fidelity and cost-effectiveness of wireless networks test and evaluation.





CCS 2016 MTD Workshop, Monday October 24, 2016

7:30 AM - 8:50 AM

Registration & Early Bird Coffee

8:50 AM – 9:00 AM

Opening Remarks & Logistics

Session Chair:

Peng Liu

9:00 AM - 10:00 AM

Keynotes: Ehab Al-Shaer (University of North Carolina, Charlotte), “A Cyber Mutation: Metrics, Techniques and Future Directions”

Session #1 New Moving Target Defenses (I), Session Chair: Jason Li (Intelligent Automation Inc.)

10:00 AM - 10:30 AM

"Have No PHEAR: Networks Without Identifiers", Richard Skowyra (MIT Lincoln Laboratory); Kevin Bauer (MIT Lincoln Laboratory); Veer Dedhia (MIT Lincoln Laboratory); Hamed Okhravi (MIT Lincoln Laboratory)

10:30 AM - 11:00 AM

"Towards Cost-Effective Moving Target Defense Against DDoS and Covert Channel Attacks", Huangxin Wang (GMU); Fei Li (GMU); Songqing Chen (GMU)

11:00 AM - 11:20 AM

Coffee Break

Session #2 New Moving Target Defenses (II), Session Chair:

Noor Ahmed (Air Force Research Laboratory)

11:20 AM - 11:50 AM

"SDN based scalable MTD solution in Cloud Network", Ankur Chowdhary (ASU); Sandeep Pisharody (ASU); Dijiang Huang (ASU)

11:50 AM - 12:20 PM

"A Moving Target Defense Approach to Disrupting Stealthy Botnets”, Sridhar Venkatesan (GMU); Massimiliano Albanese (GMU); George Cybenko (Dartmouth College); Sushil Jajodia (GMU)

12:20 PM - 12:50 PM

"Multi-dimensional Host Identity Anonymization for Defeating Skilled Attackers", Jafar Haadi Jafarian (UNCC); Amirreza Niakanlahiji (UNCC); Ehab Al-Shaer (UNCC); Qi Duan (UNCC)

Lunch &

System Demo

12:50 PM - 14:20 PM


13:40 PM -14:20 PM

“Demo: A Symbolic N-Variant System,” Jun Xu (PSU); Pinyao Guo (PSU); Bo Chen (Memphis University); Robert F. Erbacher (ARL); Ping Chen (PSU); Peng Liu (PSU)

Session Chair:

Peng Liu

14:20 PM -14:50 PM

Industry Speaker: Jason Li (Intelligent Automation, Inc.), "Moving Target Defense - A Journey from Idea to Product"

Session #3 Modeling and Evaluation of Moving Target Defenses (I), Session Chair: Hamed Okhravi (MIT Lincoln Laboratory)

14:50 PM - 15:20 PM

“Markov Modeling of Moving Target Defense Games”, Saeed Valizadeh (UConn); Hoda Maleki (UConn); William Koch (Boston Univ.); Azer Bestavros (Boston Univ.); Marten van Dijk (UConn)

15:20 PM - 15:50 PM

“Moving Target Defense against DDoS Attacks: An Empirical Game-Theoretic Analysis”, Mason Wright (University of Michigan); Sridhar Venkatesan (GMU); Massimiliano Albanese (GMU); Michael Wellman (University of Michigan)


15:50 PM - 16:05 PM

Coffee Break

Session #4 Modeling and Evaluation of Moving Target Defenses (II), Session Chair: Reginald Sawilla (NATO Communication and Information Agency)

16:05 PM - 16:35 PM

“Graph Analysis and Moving Target Defense Selection”, Christopher Lamb (Sandia National Laboratories); Jason Hamlet (Sandia National Laboratories)

16:35 PM - 17:05 PM

“Formal Approach for Resilient Reachability based on End-System Route Agility”, Usman Rauf (UNCC); Fida Gillani (UNCC); Ehab Al-Shaer (UNCC); Mahantesh Halappanavar (PNNL); Samrat Chatterjee (PNNL); Christopher Oehmen (PNNL)

17:05 PM - 17:20 PM

"Mayflies: A Moving Target Defense Framework for Distributed Systems (short paper)", Noor Ahmed (AFRL); Bharat Bhargava (Purdue University)

17:20 PM – 17:35 PM

“Automated Effectiveness Evaluation of Moving Target Defenses: Metrics for Missions and Attacks (short paper)”,  Joshua Taylor (Siege Technologies); Kara Zaffarano (Siege Technologies); Ben Koller (Siege Technologies); Charlie Bancroft (Siege Technologies); Jason Syversen (Siege Technologies)

17:35 PM – 17:40 PM

Wrap up




PC Chairs:

Peng Liu, Penn State University

Cliff Wang, U.S. Army Research Office


Program Committee:

(To be completed) 

Gail-Joon Ahn, Arizona State University 

Massimiliano Albanese, George Mason University      

Hasan Cam, U.S. Army Research Laboratory   

Ping Chen, Pennsylvania State University

Scott A. Deloach, Kansas State University       

Robert Erbacher, Army Research Laboratory    

Michael Franz, University of California, Irvine    

Jason Hamlet, Sandia National Laboratories

Trent Jaeger,  Pennsylvania State University

Sushil Jajodia, George Mason University

Myong Kang, NRL  

Dan dongseong Kim, University of Canterbury New Zealand

Srikanth Krishnamurthy, University of California, Riverside    

Christopher Lamb, University of New Mexico

Karl Levitt, University of California, Davis

Jason Li, Intelligent Automation Inc.       

Zhuo Lu, University of Memphis   

Patrick McDaniel, Penn State University

Sanjai Narain, Applied Communication Sciences

Iulian Neamtiu, University of California, Riverside        

Hamed Okhravi, MIT Lincoln Laboratory

Simon Ou, University of South Florida    

Vipin Swarup, MITRE, USA

Kun Sun,  College of William and Mary   

Jason Syversen, Siege Technologies     

Michael Wellman, University of Michigan

Minghui Zhu, Pennsylvania State University






Updated: October 9, 2016