Moving target defense for Web applications using Bayesian Stackelberg games

Satya Gautami Vadlamud, Sailik Sengupta, Marthony Taguinod, Ziming Zhao, Adam Doupe, Gail-Joon Ahn, Subbarao Kambhampati

Research output: Chapter in Book/Report/Conference proceedingConference contribution

35 Scopus citations

Abstract

Vulnerabilities in web applications allow hackers to access and/or modify restricted data. Here the hackers have the opportunity to perform reconnaissance so as to gain knowledge about the web application layout before launching an attack, whereas the defender (administrator of the web application) must secure the application even with its potential vulnerabilities. In order to mask such vulnerabilities which are primarily associated with different individual configurations, Moving Target Defense systems were proposed wherein the defender switches between various configurations thereby making it difficult to attack with success, while maintaining a seamless experience for the genuine users. In this paper, we present a way to find effective switching strategies by modeling this ecosystem as a Bayesian Stackelberg game with the administrator as the leader and the hackers as the followers, which as we show succinctly captures various aspects of the Moving Target Defense systems. Furthermore, we propose ways to find the most critical vulnerabilities and the most sensitive attacker types, which are key issues in such scenarios.

Original languageEnglish (US)
Title of host publicationAAMAS 2016 - Proceedings of the 2016 International Conference on Autonomous Agents and Multiagent Systems
PublisherInternational Foundation for Autonomous Agents and Multiagent Systems (IFAAMAS)
Pages1377-1378
Number of pages2
ISBN (Electronic)9781450342391
StatePublished - 2016
Event15th International Conference on Autonomous Agents and Multiagent Systems, AAMAS 2016 - Singapore, Singapore
Duration: May 9 2016May 13 2016

Publication series

NameProceedings of the International Joint Conference on Autonomous Agents and Multiagent Systems, AAMAS
ISSN (Print)1548-8403
ISSN (Electronic)1558-2914

Other

Other15th International Conference on Autonomous Agents and Multiagent Systems, AAMAS 2016
Country/TerritorySingapore
CitySingapore
Period5/9/165/13/16

Keywords

  • Bayesian Stackelberg games
  • Cyber security
  • Moving target defense
  • Web applications

ASJC Scopus subject areas

  • Artificial Intelligence
  • Software
  • Control and Systems Engineering

Fingerprint

Dive into the research topics of 'Moving target defense for Web applications using Bayesian Stackelberg games'. Together they form a unique fingerprint.

Cite this