Evaluating Deception and Moving Target Defense with Network Attack Simulation

01/25/2023
by Daniel Reti, et al.

In the field of network security, the ongoing arms race between attackers seeking new vulnerabilities to bypass defense mechanisms and defenders reinforcing their prevention, detection and response strategies has given rise to the novel concept of cyber deception. Starting from the well-known example of honeypots, many other deception strategies have been developed, such as honeytokens and moving target defense, all sharing the objective of creating uncertainty for attackers and increasing the chance that the attacker makes mistakes. In this paper, a methodology to evaluate the effectiveness of honeypots and moving target defense in a network is presented. This methodology makes it possible to quantitatively measure the effectiveness in a simulation environment and to make recommendations on how many honeypots to deploy and on how quickly network addresses have to be mutated to effectively disrupt an attack in multiple network and attacker configurations. With this optimum, attacks can be detected and slowed down with minimal resource and configuration overhead. With the provided methodology, the optimal number of honeypots to be deployed and the optimal network address mutation interval can be determined. Furthermore, this work provides guidance on how to optimally deploy and configure them with respect to the attacker model and several network parameters.

research
02/24/2020

Spatial-Temporal Moving Target Defense: A Markov Stackelberg Game Model

Moving target defense has emerged as a critical paradigm of protecting a...
research
12/20/2019

Strategic Defense against Stealthy Link Flooding Attacks: A Signaling Game Approach

With the increasing diversity of Distributed Denial-of-Service (DDoS) at...
research
03/01/2023

DOLOS: A Novel Architecture for Moving Target Defense

Moving Target Defense and Cyber Deception emerged in recent years as two...
research
01/06/2021

A Qualitative Empirical Analysis of Human Post-Exploitation Behavior

Honeypots are a well-studied defensive measure in network security. This...
research
01/24/2023

Learning Effective Strategies for Moving Target Defense with Switching Costs

Moving Target Defense (MTD) has emerged as a key technique in various se...
research
03/17/2023

Moving Target Defense for Service-oriented Mission-critical Networks

Modern mission-critical systems (MCS) are increasingly softwarized and i...
research
06/27/2022

Measuring and Clustering Network Attackers using Medium-Interaction Honeypots

Network honeypots are often used by information security teams to measur...
