TY - GEN
T1 - Moving target defense for Web applications using Bayesian Stackelberg games
AU - Vadlamudi, Satya Gautam
AU - Sengupta, Sailik
AU - Taguinod, Marthony
AU - Zhao, Ziming
AU - Doupe, Adam
AU - Ahn, Gail-Joon
AU - Kambhampati, Subbarao
N1 - Funding Information:
This work was partially supported by the grants from ONR N00014-13-1-0176, N00014-13-1-0519 and N00014-15-1-2027, the ARO grant W911NF-13-1-0023, the NSF grant NSF-SFS-1129561 and the Center for Cybersecurity and Digital Forensics at ASU.
Publisher Copyright:
Copyright © 2016, International Foundation for Autonomous Agents and Multiagent Systems (www.ifaamas.org). All rights reserved.
PY - 2016
Y1 - 2016
N2 - Vulnerabilities in web applications allow hackers to access and/or modify restricted data. Here the hackers have the opportunity to perform reconnaissance so as to gain knowledge about the web application layout before launching an attack, whereas the defender (administrator of the web application) must secure the application even with its potential vulnerabilities. In order to mask such vulnerabilities, which are primarily associated with different individual configurations, Moving Target Defense systems were proposed, wherein the defender switches between various configurations, thereby making it difficult to attack with success while maintaining a seamless experience for the genuine users. In this paper, we present a way to find effective switching strategies by modeling this ecosystem as a Bayesian Stackelberg game with the administrator as the leader and the hackers as the followers, which, as we show, succinctly captures various aspects of the Moving Target Defense systems. Furthermore, we propose ways to find the most critical vulnerabilities and the most sensitive attacker types, which are key issues in such scenarios.
KW - Bayesian Stackelberg games
KW - Cyber security
KW - Moving target defense
KW - Web applications
UR - http://www.scopus.com/inward/record.url?scp=85014165078&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85014165078&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85014165078
T3 - Proceedings of the International Joint Conference on Autonomous Agents and Multiagent Systems, AAMAS
SP - 1377
EP - 1378
BT - AAMAS 2016 - Proceedings of the 2016 International Conference on Autonomous Agents and Multiagent Systems
PB - International Foundation for Autonomous Agents and Multiagent Systems (IFAAMAS)
T2 - 15th International Conference on Autonomous Agents and Multiagent Systems, AAMAS 2016
Y2 - 9 May 2016 through 13 May 2016
ER -