TY - GEN
T1 - Keeping intruders at large
T2 - 11th International Conference on Security and Cryptography, SECRYPT 2014 - Part of 11th International Joint Conference on e-Business and Telecommunications, ICETE 2014
AU - Shakarian, Paulo
AU - Paulo, Damon
AU - Albanese, Massimiliano
AU - Jajodia, Sushil
PY - 2014
Y1 - 2014
N2 - It is well known that not all intrusions can be prevented and that additional lines of defense are needed to deal with intruders. However, most current approaches use honeynets, relying on the assumption that simply attracting intruders into honeypots would thwart the attack. In this paper, we propose a different and more realistic approach, which aims at delaying intrusions so as to control the probability that an intruder will reach a certain goal within a specified amount of time. Our method relies on analyzing a graphical representation of the computer network's logical layout and an associated probabilistic model of the adversary's behavior. We then artificially modify this representation by adding "distraction clusters" - collections of interconnected virtual machines - at key points of the network in order to increase complexity for the intruders and delay the intrusion. We study this problem formally, showing it to be NP-hard, and then provide an approximation algorithm that exhibits several useful properties. Finally, we present experimental results obtained on a prototype implementation of the proposed framework.
KW - Adversarial modeling
KW - Graph theory
KW - Moving target defense
UR - http://www.scopus.com/inward/record.url?scp=84908868992&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84908868992&partnerID=8YFLogxK
U2 - 10.5220/0005013800190030
DO - 10.5220/0005013800190030
M3 - Conference contribution
AN - SCOPUS:84908868992
T3 - SECRYPT 2014 - Proceedings of the 11th International Conference on Security and Cryptography, Part of ICETE 2014 - 11th International Joint Conference on e-Business and Telecommunications
SP - 19
EP - 30
BT - SECRYPT 2014 - Proceedings of the 11th International Conference on Security and Cryptography, Part of ICETE 2014 - 11th International Joint Conference on e-Business and Telecommunications
A2 - Obaidat, Mohammad S.
A2 - Holzinger, Andreas
A2 - Samarati, Pierangela
PB - SciTePress
Y2 - 28 August 2014 through 30 August 2014
ER -