π€ AI Summary
This study addresses the fragmentation and limited reproducibility in existing Moving Target Defense (MTD) evaluations, which stem from the absence of a unified attacker model, consistent scenarios, and standardized metrics. To overcome these limitations, this work proposes MTD-Playgroundβthe first comprehensive, attacker-oriented evaluation framework designed for benchmarking SDN-based path randomization MTD techniques within enterprise-level multi-stage attack scenarios. The framework introduces an innovative composite evaluation paradigm that jointly considers security effectiveness, system performance, and deployment feasibility. Experimental results demonstrate that aggressive mutation strategies can reduce attack success rates to 4β20%, extend attack completion times to 160β311 seconds, increase network throughput by 30.9%, decrease internal path latency, and achieve these gains without causing service disruption.
π Abstract
Moving Target Defense (MTD) has emerged as a proactive network cyber defense paradigm that increases attacker uncertainty through dynamic network reconfiguration techniques such as Software-Defined Networking (SDN)-enabled path randomization. However, existing evaluations remain fragmented due to inconsistent attacker assumptions, attack scenarios, and evaluation metrics, limiting reproducibility and deployment-oriented comparison. In this paper, we present MTD-Playground, an attacker-aware evaluation framework for benchmarking SDN-enabled path-randomization (PR) MTD techniques under realistic enterprise-style multi-stage attack scenarios. Beyond isolated security and performance metrics, MTD-Playground introduces a composite evaluation methodology for analyzing deployment effectiveness, mutation-interval trade-offs, and defender-attacker operational balance. Using periodic path randomization as a representative PR-MTD strategy, our evaluation shows that aggressive mutation intervals reduce attack success rates to 4-20% while increasing attack completion time to 160-311s across evaluated attack scenarios. At the same time, PR-MTD improves throughput by up to 30.9% and reduces internal-path latency without service interruption. Composite analysis further shows that shorter mutation intervals consistently achieve the highest deployment effectiveness and positive defender advantage. These results demonstrate that SDN-based PR-MTD can substantially disrupt multi-stage attack progression while remaining practically deployable in enterprise environments.