### Abstract

It is well known that not all intrusions can be prevented and that additional lines of defense are needed to deal with intruders. However, most current approaches use honey-nets, relying on the assumption that simply attracting intruders into honeypots would thwart the attack. In this chapter, we propose a different and more realistic approach, which aims at delaying intrusions so as to control the probability that an intruder will reach a certain goal within a specified amount of time. Our method relies on analyzing a graphical representation of the computer network’s logical layout and an associated probabilistic model of the adversary’s behavior. We then artificially modify this representation by adding "distraction clusters" (collections of interconnected virtual machines) at key points of the network in order to increase complexity for the intruders and delay the intrusion. We study this problem formally, showing it to be NP-hard, and then provide an approximation algorithm that exhibits several useful properties. Finally, we compare a recent approach for selecting a subset of distraction clusters with our prototype implementation of the proposed framework and present experimental results.
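The abstract gives the mechanism only in outline. The Python script below is an illustration added here, not code, a model or an algorithm from the chapter: it makes the idea concrete on a constructed four-host network. The intruder is modelled as a uniform random walker over the logical layout (an assumption; the chapter's probabilistic adversary model is not reproduced), a distraction cluster is a set of fully interconnected decoy VMs attached to one real host, and a plain greedy heuristic (not the chapter's approximation algorithm) chooses where to attach clusters so that the probability of the walker reaching the `db` host within a fixed number of steps drops the most. All host names, the cluster shape, the step horizon and the budget are assumptions.

```python
# Added illustration of the "distraction cluster" idea from the abstract.
# NOT the chapter's model or algorithm: the network, the random-walk adversary,
# the cluster shape and the greedy placement are assumptions made for this toy.
# Python 3, standard library only.
from collections import defaultdict
from fractions import Fraction

# Constructed sample network: undirected logical layout as adjacency lists.
# The intruder enters at "web"; the defender wants to keep them off "db".
NETWORK = {
    "web": ["app1", "app2"],
    "app1": ["web", "app2", "db"],
    "app2": ["web", "app1", "db"],
    "db": ["app1", "app2"],
}


def reach_probability(graph, start, goal, horizon):
    """Exact probability that a memoryless intruder, who at each step moves to a
    uniformly chosen neighbour, reaches `goal` within `horizon` steps.

    The position distribution is propagated step by step with `goal` absorbing.
    Fractions keep the result exact, so placements can be compared safely.
    """
    if start == goal:
        return Fraction(1)
    dist = {start: Fraction(1)}
    absorbed = Fraction(0)
    for _ in range(horizon):
        nxt = defaultdict(Fraction)
        for node, mass in dist.items():
            nbrs = graph.get(node, [])
            if not nbrs:            # dead end: the intruder is stuck here
                nxt[node] += mass
                continue
            share = mass / len(nbrs)
            for n in nbrs:
                if n == goal:
                    absorbed += share
                else:
                    nxt[n] += share
        dist = nxt
    return absorbed


def add_distraction_cluster(graph, host, size, prefix):
    """Return a copy of `graph` with `size` decoy VMs hung off `host`.

    Decoys are fully interconnected and each links back to `host`, so a walker
    that steps into the cluster tends to bounce around inside it for a while:
    that is what "delays" the intrusion in this toy model.
    """
    g = {k: list(v) for k, v in graph.items()}
    decoys = [f"{prefix}{i}" for i in range(size)]
    for d in decoys:
        g.setdefault(host, []).append(d)
        g[d] = [host] + [o for o in decoys if o != d]
    return g


def greedy_placement(graph, start, goal, horizon, budget, cluster_size):
    """Attach `budget` clusters one at a time, each at the real host whose
    cluster lowers the reach probability the most (ties: first host wins).

    Returns [(host, reach probability after placement), ...] and the final
    graph. Plain greedy heuristic (assumption), without any guarantee.
    """
    g = graph
    placed = []
    candidates = [h for h in graph if h != goal]   # real hosts only, no decoys
    for round_no in range(budget):
        best = None
        for h in candidates:
            trial = add_distraction_cluster(g, h, cluster_size, f"decoy{round_no}_{h}_")
            p = reach_probability(trial, start, goal, horizon)
            if best is None or p < best[0]:
                best = (p, h, trial)
        p, h, g = best
        placed.append((h, p))
    return placed, g


if __name__ == "__main__":
    before = reach_probability(NETWORK, "web", "db", 4)
    placed, hardened = greedy_placement(NETWORK, "web", "db", 4, budget=1, cluster_size=2)
    print(f"P(reach db within 4 steps) before: {before} ({float(before):.3f})")
    for host, p in placed:
        print(f"cluster attached at {host}: P = {p} ({float(p):.3f})")
```

On the sample network a two-VM cluster on the entry host lowers the probability of reaching `db` within four steps from 16/27 (about 0.59) to 67/216 (about 0.31); the same cluster on either application server only gets to 199/450 (about 0.44), so the greedy loop picks `web`. Each round re-evaluates every candidate host, so the cost grows with hosts, budget and horizon, and the greedy choice carries no optimality guarantee, which is why the chapter resorts to an approximation algorithm rather than exhaustive search. Two practitioner caveats the toy leaves out: real edges should be weighted by how likely the corresponding hop is to be exploited rather than treated as uniform, and decoys only delay an intruder who cannot tell them from production hosts.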

Field | Value
---|---
Original language | English (US)
Title of host publication | Communications in Computer and Information Science
Publisher | Springer Verlag
Pages | 191-211
Number of pages | 21
Volume | 554
ISBN (Print) | 9783319259147
DOIs | 10.1007/978-3-319-25915-4_11
State | Published - 2015
Event | 11th International Joint Conference on E-Business and Telecommunications, ICETE 2014 - Vienna, Austria. Duration: Aug 28 2014 → Aug 30 2014

### Publication series

Field | Value
---|---
Name | Communications in Computer and Information Science
Volume | 554
ISSN (Print) | 18650929

### Other

Field | Value
---|---
Other | 11th International Joint Conference on E-Business and Telecommunications, ICETE 2014
Country | Austria
City | Vienna
Period | 8/28/14 → 8/30/14

### Keywords

- Adversarial modeling
- Graph theory
- Moving target defense

### ASJC Scopus subject areas

- Computer Science(all)

### Cite this

Shakarian, P., Kulkarni, N., Albanese, M., & Jajodia, S. (2015). Keeping intruders at bay: A graph-theoretic approach to reducing the probability of successful network intrusions. In *Communications in Computer and Information Science* (Vol. 554, pp. 191-211). (Communications in Computer and Information Science; Vol. 554). Springer Verlag. https://doi.org/10.1007/978-3-319-25915-4_11

**Keeping intruders at bay : A graph-theoretic approach to reducing the probability of successful network intrusions.** / Shakarian, Paulo; Kulkarni, Nimish; Albanese, Massimiliano; Jajodia, Sushil.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Shakarian, P, Kulkarni, N, Albanese, M & Jajodia, S 2015, Keeping intruders at bay: A graph-theoretic approach to reducing the probability of successful network intrusions. in *Communications in Computer and Information Science.* vol. 554, Communications in Computer and Information Science, vol. 554, Springer Verlag, pp. 191-211, 11th International Joint Conference on E-Business and Telecommunications, ICETE 2014, Vienna, Austria, 8/28/14. https://doi.org/10.1007/978-3-319-25915-4_11

TY - GEN

T1 - Keeping intruders at bay

T2 - A graph-theoretic approach to reducing the probability of successful network intrusions

AU - Shakarian, Paulo

AU - Kulkarni, Nimish

AU - Albanese, Massimiliano

AU - Jajodia, Sushil

PY - 2015

Y1 - 2015

N2 - It is well known that not all intrusions can be prevented and that additional lines of defense are needed to deal with intruders. However, most current approaches use honey-nets, relying on the assumption that simply attracting intruders into honeypots would thwart the attack. In this chapter, we propose a different and more realistic approach, which aims at delaying intrusions so as to control the probability that an intruder will reach a certain goal within a specified amount of time. Our method relies on analyzing a graphical representation of the computer network’s logical layout and an associated probabilistic model of the adversary’s behavior. We then artificially modify this representation by adding "distraction clusters" (collections of interconnected virtual machines) at key points of the network in order to increase complexity for the intruders and delay the intrusion. We study this problem formally, showing it to be NP-hard, and then provide an approximation algorithm that exhibits several useful properties. Finally, we compare a recent approach for selecting a subset of distraction clusters with our prototype implementation of the proposed framework and present experimental results.

AB - It is well known that not all intrusions can be prevented and that additional lines of defense are needed to deal with intruders. However, most current approaches use honey-nets, relying on the assumption that simply attracting intruders into honeypots would thwart the attack. In this chapter, we propose a different and more realistic approach, which aims at delaying intrusions so as to control the probability that an intruder will reach a certain goal within a specified amount of time. Our method relies on analyzing a graphical representation of the computer network’s logical layout and an associated probabilistic model of the adversary’s behavior. We then artificially modify this representation by adding "distraction clusters" (collections of interconnected virtual machines) at key points of the network in order to increase complexity for the intruders and delay the intrusion. We study this problem formally, showing it to be NP-hard, and then provide an approximation algorithm that exhibits several useful properties. Finally, we compare a recent approach for selecting a subset of distraction clusters with our prototype implementation of the proposed framework and present experimental results.

KW - Adversarial modeling

KW - Graph theory

KW - Moving target defense

UR - http://www.scopus.com/inward/record.url?scp=84955318092&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84955318092&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-25915-4_11

DO - 10.1007/978-3-319-25915-4_11

M3 - Conference contribution

AN - SCOPUS:84955318092

SN - 9783319259147

VL - 554

T3 - Communications in Computer and Information Science

SP - 191

EP - 211

BT - Communications in Computer and Information Science

PB - Springer Verlag

ER -