Hybrid adversarial defense: Merging honeypots and traditional security methods

Published: 01 January 2018

Abstract

Most past work on honeypots rests on two assumptions: (i) that the honeypot mechanism is the only defensive measure in use, and (ii) that there is no need to distinguish rational from subrational adversaries, or to reason with an explicit adversary model, when placing honeypots. In practice, system security officers use a mix of instruments: traditional defenses such as firewalls and intrusion detection systems carry much of the load, and honeypots form only one part of the strategy. Moreover, traditional defenses and honeypots cannot be placed independently of one another. In this paper we consider a Stackelberg-style game in which the defender models the attacker and uses that model to identify the best joint placement of traditional defenses and honeypots. We give a formal definition of undamaged asset value (the asset value that the attacker does not compromise) under a given defensive strategy, and show that finding the placement that maximizes undamaged asset value is NP-hard. We propose a greedy algorithm and show experimentally, on both real enterprise networks and networks generated with the well-known network simulator NS-2, that it quickly computes near-optimal placements. Our method is therefore both practical and effective.
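The following Python program is an added illustration of the kind of problem the abstract describes; it is not the paper's model, data or code. It assumes a small attack graph whose edges carry compromise probabilities, per-host asset values, two unit-cost instruments (a hardening control that halves the success probability of every hop into a host, and a honeypot that detects an intruder on that host with a fixed probability and cuts off the rest of the attack path), and an attacker who observes the placement and chooses a path by quantal response, so that the same code covers a fully rational attacker (take the most damaging path) and a subrational one. Undamaged asset value is total asset value minus the expected value compromised. A greedy loop adds the instrument that raises undamaged value most until the budget is spent, and on this toy network the result can be compared with exhaustive search, which is only feasible because the instance is tiny; all names, numbers and the detection model are assumptions made for the example.

```python
"""Greedy Stackelberg-style placement of defenses and honeypots.

Illustrative example, not the paper's own model or code. Assumptions:
 - a small directed attack graph; each edge is the probability that an
   attacker holding the source host compromises the target host;
 - each host has an asset value; undamaged asset value = total value minus
   the expected value the attacker compromises;
 - two unit-cost instruments: 'harden' halves the success probability of every
   hop into the host; 'honeypot' detects an intruder on the host with
   probability HONEYPOT_DETECT, stopping the rest of the path (the host itself
   still counts as damaged, only downstream assets are protected);
 - the attacker observes the placement (Stackelberg follower) and picks a
   path by quantal response: lam=None is fully rational, small lam is
   subrational.
"""
import itertools
import math

HONEYPOT_DETECT = 0.8   # assumed detection probability of a honeypot
LAMBDA = 5.0            # assumed attacker rationality for quantal response
ENTRY = "internet"

# Constructed sample network: (src, dst) -> compromise probability of the hop.
EDGES = {
    ("internet", "web"): 0.9,
    ("web", "app"): 0.7,
    ("web", "vpn"): 0.5,
    ("app", "db"): 0.6,
    ("vpn", "db"): 0.8,
    ("vpn", "fileserver"): 0.7,
}
# Constructed asset values per host.
VALUE = {"internet": 0, "web": 10, "app": 30, "vpn": 5, "db": 100, "fileserver": 40}


def simple_paths(entry):
    """All simple attack paths from entry (as host lists) with at least one hop."""
    adj = {}
    for src, dst in EDGES:
        adj.setdefault(src, []).append(dst)
    paths = []

    def dfs(node, path):
        paths.append(list(path))
        for nxt in adj.get(node, []):
            if nxt not in path:
                path.append(nxt)
                dfs(nxt, path)
                path.pop()

    dfs(entry, [entry])
    return [p for p in paths if len(p) > 1]


def path_damage(path, placement):
    """Expected asset value compromised along one path under a placement.

    placement is a set of (instrument, host) pairs."""
    survive, damage = 1.0, 0.0
    for src, dst in zip(path, path[1:]):
        p = EDGES[(src, dst)] * (0.5 if ("harden", dst) in placement else 1.0)
        survive *= p                      # attacker reaches dst with this prob.
        damage += survive * VALUE[dst]    # dst's value is lost when reached
        if ("honeypot", dst) in placement:
            survive *= 1.0 - HONEYPOT_DETECT  # detected intruders go no further
    return damage


def undamaged_value(placement, lam=LAMBDA):
    """Total asset value minus the attacker's expected damage.

    lam=None: rational attacker, takes the most damaging path.
    otherwise: quantal response, path weight exp(lam * damage / total)."""
    total = sum(VALUE.values())
    damages = [path_damage(p, placement) for p in simple_paths(ENTRY)]
    if lam is None:
        expected = max(damages)
    else:
        weights = [math.exp(lam * d / total) for d in damages]
        expected = sum(w * d for w, d in zip(weights, damages)) / sum(weights)
    return total - expected


def candidate_actions():
    """Every (instrument, host) the defender could buy; entry is not defensible."""
    return [(inst, h) for inst in ("harden", "honeypot") for h in VALUE if h != ENTRY]


def greedy_placement(budget, lam=LAMBDA):
    """Repeatedly add the action that raises undamaged value the most."""
    placement = set()
    for _ in range(budget):
        best = max((a for a in candidate_actions() if a not in placement),
                   key=lambda a: undamaged_value(placement | {a}, lam))
        placement.add(best)
    return placement


def optimal_placement(budget, lam=LAMBDA):
    """Exhaustive search; only feasible on toy instances (the problem is NP-hard)."""
    return max((set(c) for c in itertools.combinations(candidate_actions(), budget)),
               key=lambda pl: undamaged_value(pl, lam))


if __name__ == "__main__":
    for lam in (None, LAMBDA):
        g, o = greedy_placement(2, lam), optimal_placement(2, lam)
        print(f"lam={lam}: no defense {undamaged_value(set(), lam):.2f}, "
              f"greedy {sorted(g)} -> {undamaged_value(g, lam):.2f}, "
              f"optimal {sorted(o)} -> {undamaged_value(o, lam):.2f}")
```

With a rational attacker and no defenses the worst path is internet, web, app, db, which yields expected damage 65.7 of the 185 units of asset value; the first greedy pick is a honeypot on the web host, because it protects every downstream asset at once, whereas a honeypot on db protects nothing beyond db and is never chosen. The point of the comparison with exhaustive search is the one the abstract makes: the greedy placement is cheap to compute and, on this instance, matches or nearly matches the optimum, but the exhaustive loop is what becomes infeasible as hosts and instruments grow.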

Published In

Journal of Computer Security, Volume 26, Issue 5, 2018 (140 pages)

Publisher

IOS Press, Netherlands

Author Tags

1. Adversarial defense of enterprise systems
2. game theoretic models

Qualifiers

• Research-article