Keeping intruders at bay: A graph-theoretic approach to reducing the probability of successful network intrusions

Paulo Shakarian; Nimish Kulkarni; Massimiliano Albanese; Sushil Jajodia

doi:10.1007/978-3-319-25915-4_11

Keeping intruders at bay: A graph-theoretic approach to reducing the probability of successful network intrusions

Paulo Shakarian, Nimish Kulkarni, Massimiliano Albanese, Sushil Jajodia

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Scopus citations

Abstract

It is well known that not all intrusions can be prevented and additional lines of defense are needed to deal with intruders. However, most current approaches use honey-nets relying on the assumption that simply attracting intruders into honeypots would thwart the attack. In this chapter, we propose a different and more realistic approach, which aims at delaying intrusions, so as to control the probability that an intruder will reach a certain goal within a specified amount of time. Our method relies on analyzing a graphical representation of the computer network’s logical layout and an associated probabilistic model of the adversary’s behavior. We then artificially modify this representation by adding "distraction clusters"-collections of interconnected virtual machines-at key points of the network in order to increase complexity for the intruders and delay the intrusion. We study this problem formally, showing it to be NP-hard and then provide an approximation algorithm that exhibits several useful properties. Finally, we compare recent approach for selecting a subset of distraction clusters with our prototypal implementation of the proposed framework and then unveil experimental results.

Original language	English (US)
Title of host publication	E-Business and Telecommunications - 11th International Joint Conference, ICETE 2014, Revised Selected Papers
Editors	Mohammad S. Obaidat, Joaquim Filipe, Andreas Holzinger
Publisher	Springer Verlag
Pages	191-211
Number of pages	21
ISBN (Print)	9783319259147
DOIs	https://doi.org/10.1007/978-3-319-25915-4_11
State	Published - 2015
Event	11th International Joint Conference on E-Business and Telecommunications, ICETE 2014 - Vienna, Austria Duration: Aug 28 2014 → Aug 30 2014

Publication series

Name	Communications in Computer and Information Science
Volume	554
ISSN (Print)	1865-0929

Other

Other	11th International Joint Conference on E-Business and Telecommunications, ICETE 2014
Country/Territory	Austria
City	Vienna
Period	8/28/14 → 8/30/14

Keywords

Adversarial modeling
Graph theory
Moving target defense

ASJC Scopus subject areas

Computer Science(all)
Mathematics(all)

Access to Document

10.1007/978-3-319-25915-4_11

Cite this

Shakarian, P., Kulkarni, N., Albanese, M., & Jajodia, S. (2015). Keeping intruders at bay: A graph-theoretic approach to reducing the probability of successful network intrusions. In M. S. Obaidat, J. Filipe, & A. Holzinger (Eds.), E-Business and Telecommunications - 11th International Joint Conference, ICETE 2014, Revised Selected Papers (pp. 191-211). (Communications in Computer and Information Science; Vol. 554). Springer Verlag. https://doi.org/10.1007/978-3-319-25915-4_11

Keeping intruders at bay : A graph-theoretic approach to reducing the probability of successful network intrusions. / Shakarian, Paulo; Kulkarni, Nimish; Albanese, Massimiliano et al.

E-Business and Telecommunications - 11th International Joint Conference, ICETE 2014, Revised Selected Papers. ed. / Mohammad S. Obaidat; Joaquim Filipe; Andreas Holzinger. Springer Verlag, 2015. p. 191-211 (Communications in Computer and Information Science; Vol. 554).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Shakarian, P, Kulkarni, N, Albanese, M & Jajodia, S 2015, Keeping intruders at bay: A graph-theoretic approach to reducing the probability of successful network intrusions. in MS Obaidat, J Filipe & A Holzinger (eds), E-Business and Telecommunications - 11th International Joint Conference, ICETE 2014, Revised Selected Papers. Communications in Computer and Information Science, vol. 554, Springer Verlag, pp. 191-211, 11th International Joint Conference on E-Business and Telecommunications, ICETE 2014, Vienna, Austria, 8/28/14. https://doi.org/10.1007/978-3-319-25915-4_11

Shakarian P, Kulkarni N, Albanese M, Jajodia S. Keeping intruders at bay: A graph-theoretic approach to reducing the probability of successful network intrusions. In Obaidat MS, Filipe J, Holzinger A, editors, E-Business and Telecommunications - 11th International Joint Conference, ICETE 2014, Revised Selected Papers. Springer Verlag. 2015. p. 191-211. (Communications in Computer and Information Science). doi: 10.1007/978-3-319-25915-4_11

Shakarian, Paulo ; Kulkarni, Nimish ; Albanese, Massimiliano et al. / Keeping intruders at bay : A graph-theoretic approach to reducing the probability of successful network intrusions. E-Business and Telecommunications - 11th International Joint Conference, ICETE 2014, Revised Selected Papers. editor / Mohammad S. Obaidat ; Joaquim Filipe ; Andreas Holzinger. Springer Verlag, 2015. pp. 191-211 (Communications in Computer and Information Science).

@inproceedings{ad424f61240144bba7852227bd276675,

title = "Keeping intruders at bay: A graph-theoretic approach to reducing the probability of successful network intrusions",

abstract = "It is well known that not all intrusions can be prevented and additional lines of defense are needed to deal with intruders. However, most current approaches use honey-nets relying on the assumption that simply attracting intruders into honeypots would thwart the attack. In this chapter, we propose a different and more realistic approach, which aims at delaying intrusions, so as to control the probability that an intruder will reach a certain goal within a specified amount of time. Our method relies on analyzing a graphical representation of the computer network{\textquoteright}s logical layout and an associated probabilistic model of the adversary{\textquoteright}s behavior. We then artificially modify this representation by adding {"}distraction clusters{"}-collections of interconnected virtual machines-at key points of the network in order to increase complexity for the intruders and delay the intrusion. We study this problem formally, showing it to be NP-hard and then provide an approximation algorithm that exhibits several useful properties. Finally, we compare recent approach for selecting a subset of distraction clusters with our prototypal implementation of the proposed framework and then unveil experimental results.",

keywords = "Adversarial modeling, Graph theory, Moving target defense",

author = "Paulo Shakarian and Nimish Kulkarni and Massimiliano Albanese and Sushil Jajodia",

note = "Funding Information: This work was partially supported by the Army Research Office under award number W911NF-13-1-0421. Paulo Shakarian were supported by the Army Research Office project 2GDATXR042. The work of Sushil Jajodia was also supported by the MITRE Sponsored Research Program. Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 11th International Joint Conference on E-Business and Telecommunications, ICETE 2014 ; Conference date: 28-08-2014 Through 30-08-2014",

year = "2015",

doi = "10.1007/978-3-319-25915-4_11",

language = "English (US)",

isbn = "9783319259147",

series = "Communications in Computer and Information Science",

publisher = "Springer Verlag",

pages = "191--211",

editor = "Obaidat, {Mohammad S.} and Joaquim Filipe and Andreas Holzinger",

booktitle = "E-Business and Telecommunications - 11th International Joint Conference, ICETE 2014, Revised Selected Papers",

}

TY - GEN

T1 - Keeping intruders at bay

T2 - 11th International Joint Conference on E-Business and Telecommunications, ICETE 2014

AU - Shakarian, Paulo

AU - Kulkarni, Nimish

AU - Albanese, Massimiliano

AU - Jajodia, Sushil

N1 - Funding Information: This work was partially supported by the Army Research Office under award number W911NF-13-1-0421. Paulo Shakarian were supported by the Army Research Office project 2GDATXR042. The work of Sushil Jajodia was also supported by the MITRE Sponsored Research Program. Publisher Copyright: © Springer International Publishing Switzerland 2015.

PY - 2015

Y1 - 2015

N2 - It is well known that not all intrusions can be prevented and additional lines of defense are needed to deal with intruders. However, most current approaches use honey-nets relying on the assumption that simply attracting intruders into honeypots would thwart the attack. In this chapter, we propose a different and more realistic approach, which aims at delaying intrusions, so as to control the probability that an intruder will reach a certain goal within a specified amount of time. Our method relies on analyzing a graphical representation of the computer network’s logical layout and an associated probabilistic model of the adversary’s behavior. We then artificially modify this representation by adding "distraction clusters"-collections of interconnected virtual machines-at key points of the network in order to increase complexity for the intruders and delay the intrusion. We study this problem formally, showing it to be NP-hard and then provide an approximation algorithm that exhibits several useful properties. Finally, we compare recent approach for selecting a subset of distraction clusters with our prototypal implementation of the proposed framework and then unveil experimental results.

AB - It is well known that not all intrusions can be prevented and additional lines of defense are needed to deal with intruders. However, most current approaches use honey-nets relying on the assumption that simply attracting intruders into honeypots would thwart the attack. In this chapter, we propose a different and more realistic approach, which aims at delaying intrusions, so as to control the probability that an intruder will reach a certain goal within a specified amount of time. Our method relies on analyzing a graphical representation of the computer network’s logical layout and an associated probabilistic model of the adversary’s behavior. We then artificially modify this representation by adding "distraction clusters"-collections of interconnected virtual machines-at key points of the network in order to increase complexity for the intruders and delay the intrusion. We study this problem formally, showing it to be NP-hard and then provide an approximation algorithm that exhibits several useful properties. Finally, we compare recent approach for selecting a subset of distraction clusters with our prototypal implementation of the proposed framework and then unveil experimental results.

KW - Adversarial modeling

KW - Graph theory

KW - Moving target defense

UR - http://www.scopus.com/inward/record.url?scp=84955318092&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84955318092&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-25915-4_11

DO - 10.1007/978-3-319-25915-4_11

M3 - Conference contribution

AN - SCOPUS:84955318092

SN - 9783319259147

T3 - Communications in Computer and Information Science

SP - 191

EP - 211

BT - E-Business and Telecommunications - 11th International Joint Conference, ICETE 2014, Revised Selected Papers

A2 - Obaidat, Mohammad S.

A2 - Filipe, Joaquim

A2 - Holzinger, Andreas

PB - Springer Verlag

Y2 - 28 August 2014 through 30 August 2014

ER -

Keeping intruders at bay: A graph-theoretic approach to reducing the probability of successful network intrusions

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this