Cognitive Honeypots against Lateral Movement for Mitigation of Long-Term Vulnerability

Lateral movement of advanced persistent threats (APTs) has posed a severe security challenge. Static segregation at separate times and spatial locations is not sufficient to protect valuable assets from stealthy and persistent attackers. Defenders need to consider time and stages holistically to discover the latent attack path across a large time-scale and achieve long-term security for the target assets. In this work, we propose a random time-expanded network to model the stochastic service requests in the enterprise network and the persistent lateral movement over stages. We design cognitive honeypots at idle production nodes to detect and deter the adversarial lateral movement and protect the target node proactively and persistently. To increase the honeypots' stealthiness, the location of the honeypot changes randomly at different times and stages. Based on the probability of service links and the likelihood of successful compromises, the defender can design the optimal honeypot policy that minimizes the long-term cyber risks of the target assets and the probability of interference and roaming cost. We propose an iterative algorithm and approximate the vulnerability with the union bound for computationally efficient deployment of honeypots. The vulnerability analysis results under the optimal and heuristic honeypot policies demonstrate that the proposed cognitive honeypot can effectively protect the target node from the lateral movement attack.

[1]  Chunxiao Jiang,et al.  Reinforcement Learning Based Capacity Management in Multi-Layer Satellite Networks , 2020, IEEE Transactions on Wireless Communications.

[2]  Neal Krawetz,et al.  Anti-honeypot technology , 2004, IEEE Security & Privacy Magazine.

[3]  Quanyan Zhu,et al.  Optimal Timing in Dynamic and Robust Attacker Engagement During Advanced Persistent Threats , 2017, 2019 International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks (WiOPT).

[4]  William H. Sanders,et al.  A Game-Theoretic Approach to Respond to Attacker Lateral Movement , 2016, GameSec.

[5]  Quanyan Zhu,et al.  Game of Duplicity: A Proactive Automated Defense Mechanism by Deception Design , 2020, ArXiv.

[6]  Yi Yang,et al.  Efficient Route Planning on Public Transportation Networks: A Labelling Approach , 2015, SIGMOD Conference.

[7]  Quanyan Zhu,et al.  On Multi-Phase and Multi-Stage Game-Theoretic Modeling of Advanced Persistent Threats , 2018, IEEE Access.

[8]  Joseph Mitola,et al.  Cognitive radio: making software radios more personal , 1999, IEEE Wirel. Commun..

[9]  Quanyan Zhu,et al.  A Dynamic Games Approach to Proactive Defense Strategies against Advanced Persistent Threats in Cyber-Physical Systems , 2019, Comput. Secur..

[10]  Quanyan Zhu,et al.  Adaptive Honeypot Engagement through Reinforcement Learning of Semi-Markov Decision Processes , 2019, GameSec.

[11]  Shen Su,et al.  Real-Time Lateral Movement Detection Based on Evidence Reasoning Network for Edge Computing Environment , 2019, IEEE Transactions on Industrial Informatics.

[12]  Karen Scarfone,et al.  Common Vulnerability Scoring System , 2006, IEEE Security & Privacy.

[13]  Indrajit Ray,et al.  Enterprise Cyber Resiliency Against Lateral Movement: A Graph Theoretic Approach , 2019, ArXiv.