Keeping intruders at large

A graph-theoretic approach to reducing the probability of successful network intrusions

Paulo Shakarian, Damon Paulo, Massimiliano Albanese, Sushil Jajodia

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

It is well known that not all intrusions can be prevented and additional lines of defense are needed to deal with intruders. However, most current approaches use honeynets relying on the assumption that simply attracting intruders into honeypots would thwart the attack. In this paper, we propose a different and more realistic approach, which aims at delaying intrusions, so as to control the probability that an intruder will reach a certain goal within a specified amount of time. Our method relies on analyzing a graphical representation of the computer network's logical layout and an associated probabilistic model of the adversary's behavior. We then artificially modify this representation by adding "distraction clusters" - collections of interconnected virtual machines - at key points of the network in order to increase complexity for the intruders and delay the intrusion. We study this problem formally, showing it to be NP-hard and then provide an approximation algorithm that exhibits several useful properties. Finally, we present experimental results obtained on a prototypal implementation of the proposed framework.

Original language: English (US)
Title of host publication: SECRYPT 2014 - Proceedings of the 11th International Conference on Security and Cryptography, Part of ICETE 2014 - 11th International Joint Conference on e-Business and Telecommunications
Publisher: SciTePress
Pages: 19-30
Number of pages: 12
ISBN (Print): 9789897580451
State: Published - 2014
Event: 11th International Conference on Security and Cryptography, SECRYPT 2014 - Part of 11th International Joint Conference on e-Business and Telecommunications, ICETE 2014 - Vienna, Austria
Duration: Aug 28 2014 - Aug 30 2014

Other

Other: 11th International Conference on Security and Cryptography, SECRYPT 2014 - Part of 11th International Joint Conference on e-Business and Telecommunications, ICETE 2014
Country: Austria
City: Vienna
Period: 8/28/14 - 8/30/14

Fingerprint

Honeypot
Graphical Representation
Virtual Machine
Approximation algorithms
Computer Networks
Probabilistic Model
Layout
NP-complete problem
Attack
Line
Experimental Results
Graph in graph theory
Framework
Statistical Models

Keywords

  • Adversarial modeling
  • Graph theory
  • Moving target defense

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computational Theory and Mathematics
  • Computer Science Applications

Cite this

Shakarian, P., Paulo, D., Albanese, M., & Jajodia, S. (2014). Keeping intruders at large: A graph-theoretic approach to reducing the probability of successful network intrusions. In SECRYPT 2014 - Proceedings of the 11th International Conference on Security and Cryptography, Part of ICETE 2014 - 11th International Joint Conference on e-Business and Telecommunications (pp. 19-30). SciTePress.
