Keeping intruders at bay: A graph-theoretic approach to reducing the probability of successful network intrusions

Paulo Shakarian, Nimish Kulkarni, Massimiliano Albanese, Sushil Jajodia

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

It is well known that not all intrusions can be prevented and additional lines of defense are needed to deal with intruders. However, most current approaches use honey-nets relying on the assumption that simply attracting intruders into honeypots would thwart the attack. In this chapter, we propose a different and more realistic approach, which aims at delaying intrusions, so as to control the probability that an intruder will reach a certain goal within a specified amount of time. Our method relies on analyzing a graphical representation of the computer network’s logical layout and an associated probabilistic model of the adversary’s behavior. We then artificially modify this representation by adding "distraction clusters" (collections of interconnected virtual machines) at key points of the network in order to increase complexity for the intruders and delay the intrusion. We study this problem formally, showing it to be NP-hard and then provide an approximation algorithm that exhibits several useful properties. Finally, we compare a recent approach for selecting a subset of distraction clusters with our prototypal implementation of the proposed framework and then unveil experimental results.

Original language: English (US)
Title of host publication: Communications in Computer and Information Science
Publisher: Springer Verlag
Pages: 191-211
Number of pages: 21
Volume: 554
ISBN (Print): 9783319259147
DOIs: https://doi.org/10.1007/978-3-319-25915-4_11
State: Published - 2015
Event: 11th International Joint Conference on E-Business and Telecommunications, ICETE 2014 - Vienna, Austria
Duration: Aug 28 2014 to Aug 30 2014

Publication series

Name: Communications in Computer and Information Science
Volume: 554
ISSN (Print): 18650929

Other

Other: 11th International Joint Conference on E-Business and Telecommunications, ICETE 2014
Country: Austria
City: Vienna
Period: 8/28/14 to 8/30/14

Fingerprint

Approximation algorithms
Computer networks
Statistical Models
Virtual machine

Keywords

  • Adversarial modeling
  • Graph theory
  • Moving target defense

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Shakarian, P., Kulkarni, N., Albanese, M., & Jajodia, S. (2015). Keeping intruders at bay: A graph-theoretic approach to reducing the probability of successful network intrusions. In Communications in Computer and Information Science (Vol. 554, pp. 191-211). (Communications in Computer and Information Science; Vol. 554). Springer Verlag. https://doi.org/10.1007/978-3-319-25915-4_11

@inproceedings{ad424f61240144bba7852227bd276675,
title = "Keeping intruders at bay: A graph-theoretic approach to reducing the probability of successful network intrusions",
abstract = "It is well known that not all intrusions can be prevented and additional lines of defense are needed to deal with intruders. However, most current approaches use honey-nets relying on the assumption that simply attracting intruders into honeypots would thwart the attack. In this chapter, we propose a different and more realistic approach, which aims at delaying intrusions, so as to control the probability that an intruder will reach a certain goal within a specified amount of time. Our method relies on analyzing a graphical representation of the computer network’s logical layout and an associated probabilistic model of the adversary’s behavior. We then artificially modify this representation by adding {"}distraction clusters{"} (collections of interconnected virtual machines) at key points of the network in order to increase complexity for the intruders and delay the intrusion. We study this problem formally, showing it to be NP-hard and then provide an approximation algorithm that exhibits several useful properties. Finally, we compare a recent approach for selecting a subset of distraction clusters with our prototypal implementation of the proposed framework and then unveil experimental results.",
keywords = "Adversarial modeling, Graph theory, Moving target defense",
author = "Paulo Shakarian and Nimish Kulkarni and Massimiliano Albanese and Sushil Jajodia",
year = "2015",
doi = "10.1007/978-3-319-25915-4_11",
language = "English (US)",
isbn = "9783319259147",
volume = "554",
series = "Communications in Computer and Information Science",
publisher = "Springer Verlag",
pages = "191--211",
booktitle = "Communications in Computer and Information Science",

}

TY - GEN

T1 - Keeping intruders at bay

T2 - A graph-theoretic approach to reducing the probability of successful network intrusions

AU - Shakarian, Paulo

AU - Kulkarni, Nimish

AU - Albanese, Massimiliano

AU - Jajodia, Sushil

PY - 2015

Y1 - 2015

N2 - It is well known that not all intrusions can be prevented and additional lines of defense are needed to deal with intruders. However, most current approaches use honey-nets relying on the assumption that simply attracting intruders into honeypots would thwart the attack. In this chapter, we propose a different and more realistic approach, which aims at delaying intrusions, so as to control the probability that an intruder will reach a certain goal within a specified amount of time. Our method relies on analyzing a graphical representation of the computer network’s logical layout and an associated probabilistic model of the adversary’s behavior. We then artificially modify this representation by adding "distraction clusters" (collections of interconnected virtual machines) at key points of the network in order to increase complexity for the intruders and delay the intrusion. We study this problem formally, showing it to be NP-hard and then provide an approximation algorithm that exhibits several useful properties. Finally, we compare a recent approach for selecting a subset of distraction clusters with our prototypal implementation of the proposed framework and then unveil experimental results.

KW - Adversarial modeling

KW - Graph theory

KW - Moving target defense

UR - http://www.scopus.com/inward/record.url?scp=84955318092&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84955318092&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-25915-4_11

DO - 10.1007/978-3-319-25915-4_11

M3 - Conference contribution

AN - SCOPUS:84955318092

SN - 9783319259147

VL - 554

T3 - Communications in Computer and Information Science

SP - 191

EP - 211

BT - Communications in Computer and Information Science

PB - Springer Verlag

ER -