A Probabilistic Logic of Cyber Deception

Malicious attackers often scan nodes in a network in order to identify vulnerabilities that they can exploit as they traverse the network. In this paper, we propose that the system answer scan requests with a mix of true and false results. If the attacker believes that all scan results are true, he will be led down a wrong path; if he believes that some scan results are faked, he must expend time and effort to separate fact from fiction. We propose a probabilistic logic of deception (PLD) and show that various computations in it are NP-hard. We model the attacker's state and show the effects of faked scan results on it. We then show how the defender can generate, in each state, fake scan results that minimize the damage the attacker can produce. We develop a Naive-PLD algorithm and a Fast-PLD heuristic for the defender and show experimentally that the latter performs comparably in a fraction of the run time of the former. We ran detailed experiments to assess the performance of both algorithms, and further show that by running Fast-PLD off-line and storing its results, run-time scan requests can be answered very efficiently.
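The following toy model is an added illustration of the abstract's core idea and is not the paper's probabilistic logic of deception nor its Naive-PLD or Fast-PLD algorithms. It assumes a constructed two-host network and an assumed per-service severity table; the defender may negate up to a budget of (host, service) facts in the scan answer (negating a real vulnerability hides it, negating an absent service plants a decoy). An exhaustive search stands in for the naive algorithm, a greedy hill-climb for the heuristic, and a precomputed per-host answer table for the off-line/run-time split. A credulous attacker acts on the answers as given; a skeptical attacker verifies each reported service first, which makes the cost of separating fact from fiction visible.

```python
from itertools import combinations

# Assumed severity (not from the paper): damage done by exploiting a service if it is really there.
SEVERITY = {"smb": 9, "rdp": 8, "http": 5, "ssh": 3}

# Constructed sample network: host -> {service: truly present and vulnerable}
TRUE_STATE = {
    "db01":  {"smb": True,  "ssh": True,  "rdp": False, "http": False},
    "web01": {"http": True, "ssh": True,  "smb": False, "rdp": False},
}


def facts(state):
    """Every (host, service) fact the defender could report truthfully or flip."""
    return [(h, s) for h in state for s in state[h]]


def apply_flips(state, flips):
    """Scan view the attacker sees: the true state with the chosen facts negated."""
    view = {h: dict(svcs) for h, svcs in state.items()}
    for h, s in flips:
        view[h][s] = not view[h][s]
    return view


def credulous_attack(view):
    """Attacker who trusts every scan answer: exploit the reported-vulnerable
    service of highest severity (ties broken by host, then service name)."""
    targets = [(h, s) for h in view for s in view[h] if view[h][s]]
    if not targets:
        return None
    return min(targets, key=lambda t: (-SEVERITY[t[1]], t[0], t[1]))


def realized_damage(state, target):
    """Full severity if the attacked service is really there, 0 if it was a decoy."""
    if target is None:
        return 0
    h, s = target
    return SEVERITY[s] if state[h][s] else 0


def damage_under(state, flips):
    return realized_damage(state, credulous_attack(apply_flips(state, flips)))


def naive_best_response(state, budget):
    """Exhaustive search over every set of at most `budget` flipped facts.
    Optimal, but the candidate count grows exponentially in the number of facts."""
    best_dmg, best_flips = damage_under(state, ()), ()
    for k in range(1, budget + 1):
        for flips in combinations(facts(state), k):
            dmg = damage_under(state, flips)
            if dmg < best_dmg:
                best_dmg, best_flips = dmg, flips
    return best_dmg, best_flips


def greedy_response(state, budget):
    """Hill-climbing heuristic: one flip at a time, always the single flip that
    lowers damage most right now. Cheap (budget * facts evaluations) but can miss the optimum."""
    chosen, current = [], damage_under(state, ())
    for _ in range(budget):
        step = None
        for f in facts(state):
            if f in chosen:
                continue
            dmg = damage_under(state, chosen + [f])
            if dmg < current:
                current, step = dmg, f
        if step is None:
            break
        chosen.append(step)
    return current, tuple(chosen)


def skeptical_attack(state, view, verify_cost=1):
    """Attacker who suspects fakes: verify reported services in severity order,
    paying verify_cost each, and exploit the first one that turns out real.
    Returns (damage, verification cost paid)."""
    ordered = sorted(((h, s) for h in view for s in view[h] if view[h][s]),
                     key=lambda t: (-SEVERITY[t[1]], t[0], t[1]))
    cost = 0
    for h, s in ordered:
        cost += verify_cost
        if state[h][s]:
            return SEVERITY[s], cost
    return 0, cost


def offline_table(state, budget):
    """Run the heuristic once off-line and keep the resulting per-host scan answers."""
    _, flips = greedy_response(state, budget)
    return apply_flips(state, flips)


def answer_scan(table, host):
    """Run-time handler: a scan request for `host` is a dictionary lookup."""
    return dict(table[host])


if __name__ == "__main__":
    for b in (0, 1, 2):
        print(b, naive_best_response(TRUE_STATE, b), greedy_response(TRUE_STATE, b))
    table = offline_table(TRUE_STATE, 2)
    print(answer_scan(table, "db01"), skeptical_attack(TRUE_STATE, table))
```

With one flip the best the defender can do is hide the smb vulnerability on db01, which drives the credulous attacker to web01's http service (damage 5); with two flips the defender also plants an rdp decoy on db01, the credulous attacker exploits the decoy and does no damage, while the skeptical attacker still reaches a real target but only after paying to verify the decoy first. The greedy search happens to match the exhaustive one on this network; in general it need not, which is the trade-off the abstract's Naive-PLD versus Fast-PLD comparison is about.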