An Intelligent Deployment Policy for Deception Resources Based on Reinforcement Learning

Wang, Shuo; Pei, Qingqi; Wang, Jianhua; Tang, Guangming; Zhang, Yuchen; Liu, Xiaohu

doi:10.1109/access.2020.2974786

Cited by 28 publications

(23 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Next, the capturing ability of the deployment strategy was evaluated and compared with the other four strategies: static deployment, dynamic deployment following alarms, the Q_Learning method proposed in the literature [29], and the N2-DQN method proposed in the literature [24]. e experiment set up a total of 3 situations (0.7/0.2/0.1, 0.2/0.7/ 0.1, and 0.3/0.3/0.4), and 200 attacks were carried out in each situation.…”

Section: Resultsmentioning

confidence: 99%

“…Zhang et al [28] established an incomplete information random game model for the attack and defense process after the attackers entered the real system and used an improved Q_Learning algorithm to solve the problem, but the decision in this document focused on the system state transitions with different defense actions, the algorithm requires all network states to be known, but our algorithm does not require all states, there are fewer restrictions on scenario settings, and there is no need to guess the attackers' type in advance, which reduces the difficulty of scene modeling and is more practical. Wang et al [29] combined the two-layer threat penetration map, Q_Learning, and dynamic deployment to propose a dynamic deployment strategy of deception resources based on reinforcement learning, their strategy can also predict the attackers' next path based on the attackers' current alert paths, but the attackers considered by this method are a single-mode attack, the defender uses offline learning during the entire learning process, and it can only learn a known attack mode for defense based on the collected attack information. In addition, this method considers that the attacker has compromised a certain system node, so, the starting position of the attack path has been determined and cannot be predeployed.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction

Gao

Zhang

Xing

2021

Security and Communication Networks

View full text Add to dashboard Cite

As an important deception defense method, a honeypot can be used to enhance the network’s active defense capability effectively. However, the existing rigid deployment method makes it difficult to deal with the uncertain strategic attack behaviors of the attackers. To solve such a problem, we propose a multiphase dynamic deployment mechanism of virtualized honeypots (MD2VH) based on the intelligent attack path prediction method. MD2VH depicts the attack and defense characteristics of both attackers and defenders through the Bayesian state attack graph, establishes a multiphase dynamic deployment optimization model of the virtualized honeypots based on the extended Markov’s decision-making process, and generates the deployment strategies dynamically by combining the online and offline reinforcement learning methods. Besides, we also implement a prototype system based on software-defined network and virtualization container, so as to evaluate the effectiveness of MD2VH. Experiments results show that the capture rate of MD2VH is maintained at about 90% in the case of both simple topology and complex topology. Compared with the simple intelligent deployment strategy, such a metric is increased by 20% to 60%, and the result is more stable under different types of the attacker’s strategy.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction

Gao

Zhang

Xing

2021

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Wang et al [137] identified an optimal deployment strategy for deception resource, such as honeypots. Specifically, the authors developed a Q-learning algorithm for an intelligent deployment policy for deception resources to dynamically place deception resources as the network security state changes.…”

Section: Pros and Consmentioning

confidence: 99%

Game-Theoretic and Machine Learning-based Approaches for Defensive Deception: A Survey

Zhu¹,

Anwar²,

Wan³

et al. 2021

Preprint

View full text Add to dashboard Cite

Defensive deception is a promising approach for cyberdefense. Although defensive deception is increasingly popular in the research community, there hasn't been a systematic investigation of its key components, the underlying principles, and its tradeoffs in various problem settings. This survey paper focuses on defensive deception research centered on game theory and machine learning, since these are prominent families of artificial intelligence approaches that are widely employed in defensive deception. This paper brings forth insights, lessons, and limitations from prior work. It closes with an outline of some research directions to tackle major gaps in current defensive deception research.

show abstract

“…In [88], the authors design the information revealed to the users and attackers to elicit behaviors in favor of the defender. In [89] and [90], RL is used to optimally deploy the deception resources and emulate adversaries, respectively. Many works have attempted to address various spoofing attacks using RL.…”

Section: Information-related Vulnerabilitymentioning

confidence: 99%

Reinforcement Learning for Feedback-Enabled Cyber Resilience

Huang¹,

Huang²,

Zhu³

2021

Preprint

View full text Add to dashboard Cite

The rapid growth in the number of devices and their connectivity has enlarged the attack surface and made cyber systems more vulnerable. As attackers become increasingly sophisticated and resourceful, mere reliance on traditional cyber protection, such as intrusion detection, firewalls, and encryption, is insufficient to secure the cyber systems. Cyber resilience provides a new security paradigm that complements inadequate protection with resilience mechanisms. A Cyber-Resilient Mechanism (CRM) adapts to the known or zero-day threats and uncertainties in real-time and strategically responds to them to maintain the critical functions of the cyber systems in the event of successful attacks. Feedback architectures play a pivotal role in enabling the online sensing, reasoning, and actuation process of the CRM. Reinforcement Learning (RL) is an important class of algorithms that epitomize the feedback architectures for cyber resiliency. It allows the CRM to provide dynamic and sequential responses to attacks with limited or without prior knowledge of the environment and the attacker. In this work, we review the literature on RL for cyber resiliency and discuss the cyber-resilient defenses against three major types of vulnerabilities, i.e., posture-related, information-related, and human-related vulnerabilities. We introduce moving target defense, defensive cyber deception, and assistive human security technologies as three application domains of CRMs to elaborate on their designs. The RL algorithms also have vulnerabilities themselves. We explain the major vulnerabilities of RL and present works that develop several attack models, in which the attacks target the rewards, the state observations, and the action commands. We show that the attacker can trick the RL agent into learning a nefarious policy with minimum attacking effort. We discuss the potential defense methods to secure them and find that there is a lack of works focusing on the defensive mechanisms for RL-enabled systems. Finally, we discuss the future challenges of RL for cyber security and resiliency and emerging applications of RL-based CRMs.

show abstract

An Intelligent Deployment Policy for Deception Resources Based on Reinforcement Learning

Cited by 28 publications

References 29 publications

A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction

A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction

Game-Theoretic and Machine Learning-based Approaches for Defensive Deception: A Survey

Reinforcement Learning for Feedback-Enabled Cyber Resilience

Contact Info

Product

Resources

About