DeepAI AI Chat
Log In Sign Up

Learning Effective Strategies for Moving Target Defense with Switching Costs

by   Vignesh Viswanathan, et al.
University of Massachusetts Amherst
IIIT Hyderabad

Moving Target Defense (MTD) has emerged as a key technique in various security applications as it takes away the attacker's ability to perform reconnaissance for exploiting a system's vulnerabilities. However, most of the existing research in the field assumes unrealistic access to information about the attacker's motivations and/or actions when developing MTD strategies. Many of the existing approaches also assume complete knowledge regarding the vulnerabilities of a system and how each of these vulnerabilities can be exploited by an attacker. In this work, we aim to create algorithms that generate effective Moving Target Defense strategies that do not rely on prior knowledge about the attackers. Our work assumes that the only way the defender receives information about its own reward is via interaction with the attacker in a repeated game setting. Depending on the amount of information that can be obtained from the interactions, we devise two different algorithms using multi-armed bandit formulation to identify efficient strategies. We then evaluate our algorithms using data mined from the National Vulnerability Database to showcase that they match the performance of the state-of-the-art techniques, despite using a lot less amount of information.


page 10

page 11

page 15


Moving Target Defense for Web Applications using Bayesian Stackelberg Games

The present complexity in designing web applications makes software secu...

Evaluating Deception and Moving Target Defense with Network Attack Simulation

In the field of network security, with the ongoing arms race between att...

Asymptotic Security using Bayesian Defense Mechanism with Application to Cyber Deception

This paper addresses the question whether model knowledge can guide a de...

Spatial-Temporal Moving Target Defense: A Markov Stackelberg Game Model

Moving target defense has emerged as a critical paradigm of protecting a...

HoneyCar: A Framework to Configure Honeypot Vulnerabilities on the Internet of Vehicles

The Internet of Vehicles (IoV), whereby interconnected vehicles communic...

Effective Security by Obscurity

"Security by obscurity" is a bromide which is frequently applied to unde...

Planning for Attacker Entrapment in Adversarial Settings

In this paper, we propose a planning framework to generate a defense str...