Tanmoy Chakraborty, S. Jajodia, Noseong Park, Andrea Pugliese, Edoardo Serra, V. S. Subrahmanian
{"title":"Hybrid adversarial defense: Merging honeypots and traditional security methods","authors":"Tanmoy Chakraborty, S. Jajodia, Noseong Park, Andrea Pugliese, Edoardo Serra, V. S. Subrahmanian","doi":"10.3233/JCS-171094","DOIUrl":null,"url":null,"abstract":"Most past work on honeypots has made two assumptions: (i) they assume that the only defensive measure used is a honeypot mechanism, and (ii) they do not consider both rational and subrational adversaries and do not reason with an adversary model when placing honeypots. However, real-world system security officers use a mix of instruments such as traditional defenses (e.g. firewalls, intrusion detection systems), and honeypots form only one portion of the strategy. Moreover, the placement of traditional defenses and honeypots cannot be done independently. In this paper, we consider a Stackelbergstyle game situation where the defender models the attacker and uses that model to identify the best placement of traditional defenses and honeypots. We provide a formal definition of undamaged asset value (i.e. the value that is not compromised by the attacker) under a given defensive strategy and show that the problem of finding the best placement so as to maximize undamaged asset value is NP-hard. We propose a greedy algorithm and show via experiments, both on real enterprise networks and on ones generated by the well-known network simulation tool NS-2, that our algorithm quickly computes near optimal placements. As such, our method is both practical and effective.","PeriodicalId":142580,"journal":{"name":"J. Comput. Secur.","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"J. Comput. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3233/JCS-171094","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
Most past work on honeypots has made two assumptions: (i) they assume that the only defensive measure used is a honeypot mechanism, and (ii) they do not consider both rational and subrational adversaries and do not reason with an adversary model when placing honeypots. However, real-world system security officers use a mix of instruments such as traditional defenses (e.g. firewalls, intrusion detection systems), and honeypots form only one portion of the strategy. Moreover, the placement of traditional defenses and honeypots cannot be done independently. In this paper, we consider a Stackelbergstyle game situation where the defender models the attacker and uses that model to identify the best placement of traditional defenses and honeypots. We provide a formal definition of undamaged asset value (i.e. the value that is not compromised by the attacker) under a given defensive strategy and show that the problem of finding the best placement so as to maximize undamaged asset value is NP-hard. We propose a greedy algorithm and show via experiments, both on real enterprise networks and on ones generated by the well-known network simulation tool NS-2, that our algorithm quickly computes near optimal placements. As such, our method is both practical and effective.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
