Manipulating the attacker's view of a system's attack surface

Albanese, Massimiliano; Battista, Ermanno; Jajodia, Sushil; Casola, Valentina

doi:10.1109/cns.2014.6997517

Cited by 29 publications

(20 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The aim of deception in cyber security is to guide the adversary to the target of defender's choice, typically a honeypot. Several researchers [117] continued their work on attack prediction by proposing a deception system, which prepares an attractive target for an attacker. For example, if an adversary is supposed to exploit a certain service, a honeypot emulating such service is set up in the target network, either as a new target or as a clone of a real system.…”

Section: Evaluation In Live Networkmentioning

confidence: 99%

Survey of Attack Projection, Prediction, and Forecasting in Cyber Security

Husák

Komárková

Bou‐Harb

et al. 2019

IEEE Commun. Surv. Tutorials

227

110

View full text Add to dashboard Cite

This paper provides a survey of prediction, and forecasting methods used in cyber security. Four main tasks are discussed first, attack projection and intention recognition, in which there is a need to predict the next move or the intentions of the attacker, intrusion prediction, in which there is a need to predict upcoming cyber attacks, and network security situation forecasting, in which we project cybersecurity situation in the whole network. Methods and approaches for addressing these tasks often share the theoretical background and are often complementary. In this survey, both methods based on discrete models, such as attack graphs, Bayesian networks, and Markov models, and continuous models, such as time series and grey models, are surveyed, compared, and contrasted. We further discuss machine learning and data mining approaches, that have gained a lot of attention recently and appears promising for such a constantly changing environment, which is cyber security. The survey also focuses on the practical usability of the methods and problems related to their evaluation.

show abstract

Section: Evaluation In Live Networkmentioning

confidence: 99%

Survey of Attack Projection, Prediction, and Forecasting in Cyber Security

Husák

Komárková

Bou‐Harb

et al. 2019

IEEE Commun. Surv. Tutorials

227

110

View full text Add to dashboard Cite

show abstract

“…Finally, the two works that are closer in spirit to the framework proposed in this paper are [45], [46]; both use a deceptive approach in order to confuse the attacker. In contrast to these, our framework aims at finding the best way to answer the attacker's scan queries.…”

Section: Defending Enterprise Networkmentioning

confidence: 99%

A Probabilistic Logic of Cyber Deception

Jajodia

Park

Pierazzi

et al. 2017

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

Malicious attackers often scan nodes in a network in order to identify vulnerabilities that they may exploit as they traverse the network. In this paper, we propose that the system generates a mix of true and false answers in response to scan requests. If the attacker believes that all scan results are true, then he will be on a wrong path. If he believes some scan results are faked, he would have to expend time and effort in order to separate fact from fiction. We propose a probabilistic logic of deception and show that various computations are NP-hard. We model the attacker’s state and show the effects of faked scan results. We then show how the defender can generate fake scan results in different states that minimize the damage the attacker can produce. We develop a Naive-PLD algorithm and a Fast-PLD heuristic algorithm for the defender to use and show experimentally that the latter performs well in a fraction of the run time of the former. We ran detailed experiments to assess the performance of these algorithms and further show that by running Fast-PLD off-line and storing the results, we can very efficiently answer run-time scan requests

show abstract

“…Additionally, most existing techniques are purely proactive in nature or do not adequately consider the attacker's behavior. To address this limitation, alternative approaches aim at inducing a "virtual" or "perceived" attack surface by deceiving the attacker into making incorrect inferences about the system's configuration [12], rather than actually reconfiguring the system. Honeypots have also been traditionally used to try to divert attackers away from critical resources [13], but they have proven to be less effective than MTDs because they provide a static solution: once a honeypot or honeynet has been discovered, the attacker will simply avoid it.…”

Section: Mtds and Attack Modelmentioning

confidence: 99%

“…where t r is the response time, β R is the response time objective, ps is the attacker's success probability computed as P s (age) where age -the resource's average age -is either given by Eq. (12) or (22) for the drop or wait policies, β S is the attacker's success probability objective, and σ is a steepness parameter for the sigmoid. Sigmoids are commonly used as utility functions in autonomic computing because they are smooth, differentiable at all points, and can be easily adjusted to react more or less aggressively to violations of service level agreements through the steepness parameter [19].…”

Section: Determining the Optimal Reconfiguration Ratementioning

confidence: 99%

Performance Modeling of Moving Target Defenses with Reconfiguration Limits

Connell

Menascé

Albanese

2021

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

Moving Target Defense (MTD) has recently emerged as a game changer in the security landscape due to its proven potential to introduce asymmetric uncertainty that gives the defender a tactical advantage over the attacker. Many different MTD techniques have been developed, but, despite the huge progress made in this area, critical gaps still exist with respect to the problem of studying and quantifying the cost and benefits of deploying MTDs. In fact, all existing techniques address a very narrow set of attack vectors, and, due to the lack of shared metrics, it is difficult to quantify and compare multiple techniques. Building on our preliminary work in this field, we propose a quantitative analytic model for assessing the resource availability and performance of MTDs, and a method for maximizing a utility function that captures the tradeoffs between security and performance. The proposed model generalizes our previous model and can be applied to a wider range of MTDs and operational scenarios to improve availability and performance by imposing limits on the maximum number of resources that can be in the process of being reconfigured. The analytic results are validated by simulation and experimentation, confirming the accuracy of our model.

show abstract

Manipulating the attacker's view of a system's attack surface

Cited by 29 publications

References 9 publications

Survey of Attack Projection, Prediction, and Forecasting in Cyber Security

Survey of Attack Projection, Prediction, and Forecasting in Cyber Security

A Probabilistic Logic of Cyber Deception

Performance Modeling of Moving Target Defenses with Reconfiguration Limits

Contact Info

Product

Resources

About