Effective Proactive and Reactive Defense Strategies against Malicious Attacks in a Virtualized Honeynet

Virtualization plays an important role in the recent trend of cloud computing. It allows the administrator to manage and allocate hardware resources flexibly. However, it also introduces security issues. This is a critical problem for service providers, who must defend against malicious attackers while simultaneously providing legitimate users with high-quality service. In this paper, the attack-defense scenario is formulated as a mathematical model in which the defender applies both proactive and reactive defense mechanisms against attackers with different attack strategies. To simulate real-world conditions, the attackers are assumed to have incomplete information and imperfect knowledge of the target network. This greatly raises the difficulty of solving the model, because it makes the problem nondeterministic. Based on the experimental results, effective proactive and reactive defense strategies are proposed. This paper finds that a proactive defense strategy is suitable for dealing with aggressive attackers under “winner takes all” circumstances, while a reactive defense strategy works better in defending against less aggressive attackers under “fight to win or die” circumstances.
