What Is Your MOVE: Modeling Adversarial Network Environments

Finding optimal adversarial dynamics between defenders and attackers in large network systems is a complex problem that can be approached from several perspectives. The results obtained are often unsatisfactory because they either concentrate on only one party or run very simplified scenarios that are hard to correlate with realistic settings. To find which defensive strategies are truly the most robust, the adaptive attacker ecosystem must be given as many degrees of freedom as possible, so that it models real attack scenarios accurately. We propose a coevolution-based simulator called MOVE that can evolve both attack and defense strategies. To test it, we investigate several different but realistic scenarios, taking into account features such as network topology and possible applications in the network. The results show that the evolved strategies far surpass randomly generated strategies. Finally, the evolved strategies can help us reach some more general conclusions for both the attacker and the defender sides.
