Abstract

Vulnerabilities in web applications allow hackers to access and/or modify restricted data. Here the hackers have the opportunity to perform reconnaissance so as to gain knowledge about the web application layout before launching an attack, whereas the defender (administrator of the web application) must secure the application even with its potential vulnerabilities. In order to mask such vulnerabilities which are primarily associated with different individual configurations, Moving Target Defense systems were proposed wherein the defender switches between various configurations thereby making it difficult to attack with success, while maintaining a seamless experience for the genuine users. In this paper, we present a way to find effective switching strategies by modeling this ecosystem as a Bayesian Stackelberg game with the administrator as the leader and the hackers as the followers, which as we show succinctly captures various aspects of the Moving Target Defense systems. Furthermore, we propose ways to find the most critical vulnerabilities and the most sensitive attacker types, which are key issues in such scenarios.

Original languageEnglish (US)
Title of host publicationAAMAS 2016 - Proceedings of the 2016 International Conference on Autonomous Agents and Multiagent Systems
PublisherInternational Foundation for Autonomous Agents and Multiagent Systems (IFAAMAS)
Pages1377-1378
Number of pages2
ISBN (Electronic)9781450342391
StatePublished - 2016
Event15th International Conference on Autonomous Agents and Multiagent Systems, AAMAS 2016 - Singapore, Singapore
Duration: May 9 2016May 13 2016

Other

Other15th International Conference on Autonomous Agents and Multiagent Systems, AAMAS 2016
CountrySingapore
CitySingapore
Period5/9/165/13/16

Fingerprint

Launching
Ecosystems
Masks
Switches

Keywords

  • Bayesian Stackelberg games
  • Cyber security
  • Moving target defense
  • Web applications

ASJC Scopus subject areas

  • Artificial Intelligence
  • Software
  • Control and Systems Engineering

Cite this

Vadlamud, S. G., Sengupta, S., Taguinod, M., Zhao, Z., Doupe, A., Ahn, G-J., & Kambhampati, S. (2016). Moving target defense for Web applications using Bayesian Stackelberg games. In AAMAS 2016 - Proceedings of the 2016 International Conference on Autonomous Agents and Multiagent Systems (pp. 1377-1378). International Foundation for Autonomous Agents and Multiagent Systems (IFAAMAS).

Moving target defense for Web applications using Bayesian Stackelberg games. / Vadlamud, Satya Gautami; Sengupta, Sailik; Taguinod, Marthony; Zhao, Ziming; Doupe, Adam; Ahn, Gail-Joon; Kambhampati, Subbarao.

AAMAS 2016 - Proceedings of the 2016 International Conference on Autonomous Agents and Multiagent Systems. International Foundation for Autonomous Agents and Multiagent Systems (IFAAMAS), 2016. p. 1377-1378.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Vadlamud, SG, Sengupta, S, Taguinod, M, Zhao, Z, Doupe, A, Ahn, G-J & Kambhampati, S 2016, Moving target defense for Web applications using Bayesian Stackelberg games. in AAMAS 2016 - Proceedings of the 2016 International Conference on Autonomous Agents and Multiagent Systems. International Foundation for Autonomous Agents and Multiagent Systems (IFAAMAS), pp. 1377-1378, 15th International Conference on Autonomous Agents and Multiagent Systems, AAMAS 2016, Singapore, Singapore, 5/9/16.
Vadlamud SG, Sengupta S, Taguinod M, Zhao Z, Doupe A, Ahn G-J et al. Moving target defense for Web applications using Bayesian Stackelberg games. In AAMAS 2016 - Proceedings of the 2016 International Conference on Autonomous Agents and Multiagent Systems. International Foundation for Autonomous Agents and Multiagent Systems (IFAAMAS). 2016. p. 1377-1378
Vadlamud, Satya Gautami ; Sengupta, Sailik ; Taguinod, Marthony ; Zhao, Ziming ; Doupe, Adam ; Ahn, Gail-Joon ; Kambhampati, Subbarao. / Moving target defense for Web applications using Bayesian Stackelberg games. AAMAS 2016 - Proceedings of the 2016 International Conference on Autonomous Agents and Multiagent Systems. International Foundation for Autonomous Agents and Multiagent Systems (IFAAMAS), 2016. pp. 1377-1378
@inproceedings{0cc982402c2e4d4d91847e0295a581e9,
title = "Moving target defense for Web applications using Bayesian Stackelberg games",
abstract = "Vulnerabilities in web applications allow hackers to access and/or modify restricted data. Here the hackers have the opportunity to perform reconnaissance so as to gain knowledge about the web application layout before launching an attack, whereas the defender (administrator of the web application) must secure the application even with its potential vulnerabilities. In order to mask such vulnerabilities which are primarily associated with different individual configurations, Moving Target Defense systems were proposed wherein the defender switches between various configurations thereby making it difficult to attack with success, while maintaining a seamless experience for the genuine users. In this paper, we present a way to find effective switching strategies by modeling this ecosystem as a Bayesian Stackelberg game with the administrator as the leader and the hackers as the followers, which as we show succinctly captures various aspects of the Moving Target Defense systems. Furthermore, we propose ways to find the most critical vulnerabilities and the most sensitive attacker types, which are key issues in such scenarios.",
keywords = "Bayesian Stackelberg games, Cyber security, Moving target defense, Web applications",
author = "Vadlamud, {Satya Gautami} and Sailik Sengupta and Marthony Taguinod and Ziming Zhao and Adam Doupe and Gail-Joon Ahn and Subbarao Kambhampati",
year = "2016",
language = "English (US)",
pages = "1377--1378",
booktitle = "AAMAS 2016 - Proceedings of the 2016 International Conference on Autonomous Agents and Multiagent Systems",
publisher = "International Foundation for Autonomous Agents and Multiagent Systems (IFAAMAS)",

}

TY - GEN

T1 - Moving target defense for Web applications using Bayesian Stackelberg games

AU - Vadlamud, Satya Gautami

AU - Sengupta, Sailik

AU - Taguinod, Marthony

AU - Zhao, Ziming

AU - Doupe, Adam

AU - Ahn, Gail-Joon

AU - Kambhampati, Subbarao

PY - 2016

Y1 - 2016

N2 - Vulnerabilities in web applications allow hackers to access and/or modify restricted data. Here the hackers have the opportunity to perform reconnaissance so as to gain knowledge about the web application layout before launching an attack, whereas the defender (administrator of the web application) must secure the application even with its potential vulnerabilities. In order to mask such vulnerabilities which are primarily associated with different individual configurations, Moving Target Defense systems were proposed wherein the defender switches between various configurations thereby making it difficult to attack with success, while maintaining a seamless experience for the genuine users. In this paper, we present a way to find effective switching strategies by modeling this ecosystem as a Bayesian Stackelberg game with the administrator as the leader and the hackers as the followers, which as we show succinctly captures various aspects of the Moving Target Defense systems. Furthermore, we propose ways to find the most critical vulnerabilities and the most sensitive attacker types, which are key issues in such scenarios.

AB - Vulnerabilities in web applications allow hackers to access and/or modify restricted data. Here the hackers have the opportunity to perform reconnaissance so as to gain knowledge about the web application layout before launching an attack, whereas the defender (administrator of the web application) must secure the application even with its potential vulnerabilities. In order to mask such vulnerabilities which are primarily associated with different individual configurations, Moving Target Defense systems were proposed wherein the defender switches between various configurations thereby making it difficult to attack with success, while maintaining a seamless experience for the genuine users. In this paper, we present a way to find effective switching strategies by modeling this ecosystem as a Bayesian Stackelberg game with the administrator as the leader and the hackers as the followers, which as we show succinctly captures various aspects of the Moving Target Defense systems. Furthermore, we propose ways to find the most critical vulnerabilities and the most sensitive attacker types, which are key issues in such scenarios.

KW - Bayesian Stackelberg games

KW - Cyber security

KW - Moving target defense

KW - Web applications

UR - http://www.scopus.com/inward/record.url?scp=85014165078&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85014165078&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85014165078

SP - 1377

EP - 1378

BT - AAMAS 2016 - Proceedings of the 2016 International Conference on Autonomous Agents and Multiagent Systems

PB - International Foundation for Autonomous Agents and Multiagent Systems (IFAAMAS)

ER -