Abstract

Vulnerabilities in web applications allow hackers to access and/or modify restricted data. Here the hackers have the opportunity to perform reconnaissance so as to gain knowledge about the web application layout before launching an attack, whereas the defender (administrator of the web application) must secure the application even with its potential vulnerabilities. In order to mask such vulnerabilities which are primarily associated with different individual configurations, Moving Target Defense systems were proposed wherein the defender switches between various configurations thereby making it difficult to attack with success, while maintaining a seamless experience for the genuine users. In this paper, we present a way to find effective switching strategies by modeling this ecosystem as a Bayesian Stackelberg game with the administrator as the leader and the hackers as the followers, which as we show succinctly captures various aspects of the Moving Target Defense systems. Furthermore, we propose ways to find the most critical vulnerabilities and the most sensitive attacker types, which are key issues in such scenarios.

Original languageEnglish (US)
Title of host publicationAAMAS 2016 - Proceedings of the 2016 International Conference on Autonomous Agents and Multiagent Systems
PublisherInternational Foundation for Autonomous Agents and Multiagent Systems (IFAAMAS)
Pages1377-1378
Number of pages2
ISBN (Electronic)9781450342391
StatePublished - 2016
Event15th International Conference on Autonomous Agents and Multiagent Systems, AAMAS 2016 - Singapore, Singapore
Duration: May 9 2016May 13 2016

Other

Other15th International Conference on Autonomous Agents and Multiagent Systems, AAMAS 2016
CountrySingapore
CitySingapore
Period5/9/165/13/16

Keywords

  • Bayesian Stackelberg games
  • Cyber security
  • Moving target defense
  • Web applications

ASJC Scopus subject areas

  • Artificial Intelligence
  • Software
  • Control and Systems Engineering

Fingerprint Dive into the research topics of 'Moving target defense for Web applications using Bayesian Stackelberg games'. Together they form a unique fingerprint.

  • Cite this

    Vadlamud, S. G., Sengupta, S., Taguinod, M., Zhao, Z., Doupe, A., Ahn, G-J., & Kambhampati, S. (2016). Moving target defense for Web applications using Bayesian Stackelberg games. In AAMAS 2016 - Proceedings of the 2016 International Conference on Autonomous Agents and Multiagent Systems (pp. 1377-1378). International Foundation for Autonomous Agents and Multiagent Systems (IFAAMAS).