Efficient defense strategies to minimize attackers' success probabilities in honeynet

In this paper, we consider the problem of minimizing attackers' success probability in a protected network subject to attacker profile/behavior constraints and defender resource/strategy constraints. Compared with previous research, two enhancements are made. First, we no longer assume that attackers have perfect knowledge of the network topology and of the defense resource allocation (the worst-case scenario for the defender). Second, any combination of attacker classes can be considered, where each attacker class may be associated with any number of attributes, including its ratio in the attacker population, intelligence/experience level, available attack resources and sophisticated attack strategies. The problem is modeled as a generic mathematical programming problem, and a novel two-phase solution approach that combines mathematical programming with simulation techniques is proposed. More specifically, in the "Evaluation Phase", efficient and effective simulations are conducted to evaluate the effectiveness of the current defense policy; in the "Defense Policy Enhancement Phase", specially proposed and easy-to-collect information from the "Objective Function Evaluation Phase" is used to calculate gradients with respect to the decision variables. Computational experiments on a honeynet clearly demonstrate the applicability and effectiveness of the proposed framework and algorithm.
