Probabilistic Performance Analysis of Moving Target and Deception Reconnaissance Defenses

Michael B. Crouse, B. Prosser, E. Fulp
{"title":"Probabilistic Performance Analysis of Moving Target and Deception Reconnaissance Defenses","authors":"Michael B. Crouse, B. Prosser, E. Fulp","doi":"10.1145/2808475.2808480","DOIUrl":null,"url":null,"abstract":"Deception and moving target reconnaissance defenses are techniques that attempt to invalidate information an attacker attempts to gather. Deception defenses attempt to mislead attackers performing network reconnaissance, while moving target defenses seek to make it more difficult for the attacker to predict the state of their target by dynamically altering what the attacker sees. Although the deployment of reconnaissance defenses can be effective, there are nontrivial administration costs associated with their configuration and maintenance. As a result, understanding under the circumstances these defenses are effective and efficient is important. This paper introduces probabilistic models for reconnaissance defenses to provide deeper understanding of the theoretical effect these strategies and their parameters have for cyber defense. The models quantify the success of attackers under various conditions, such as network size, deployment of size, and number of vulnerable computers. This paper provides a probabilistic interpretation for the performance of honeypots, for deception, and network address shuffling, for moving target, and their effect in concert. The models indicate that a relatively small number of deployed honeypots can provide an effective defense strategy, often better than movement alone. Furthermore, the models confirm the intuition that that combining, or layering, defense mechanisms provide the largest impact to attacker success while providing a quantitative analysis of the improvement and parameters of each strategy.","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":"264 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"44","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Second ACM Workshop on Moving Target Defense","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2808475.2808480","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 44

Abstract

Deception and moving target reconnaissance defenses are techniques that attempt to invalidate information an attacker attempts to gather. Deception defenses attempt to mislead attackers performing network reconnaissance, while moving target defenses seek to make it more difficult for the attacker to predict the state of their target by dynamically altering what the attacker sees. Although the deployment of reconnaissance defenses can be effective, there are nontrivial administration costs associated with their configuration and maintenance. As a result, understanding under the circumstances these defenses are effective and efficient is important. This paper introduces probabilistic models for reconnaissance defenses to provide deeper understanding of the theoretical effect these strategies and their parameters have for cyber defense. The models quantify the success of attackers under various conditions, such as network size, deployment of size, and number of vulnerable computers. This paper provides a probabilistic interpretation for the performance of honeypots, for deception, and network address shuffling, for moving target, and their effect in concert. The models indicate that a relatively small number of deployed honeypots can provide an effective defense strategy, often better than movement alone. Furthermore, the models confirm the intuition that that combining, or layering, defense mechanisms provide the largest impact to attacker success while providing a quantitative analysis of the improvement and parameters of each strategy.
移动目标与欺骗侦察防御的概率性能分析
欺骗和移动目标侦察防御是试图使攻击者试图收集的信息无效的技术。欺骗防御试图误导攻击者执行网络侦察,而移动目标防御试图通过动态改变攻击者所看到的内容,使攻击者更难以预测目标的状态。尽管侦察防御的部署可能是有效的,但是与它们的配置和维护相关的管理成本很高。因此,了解在这种情况下这些防御是有效和高效的是很重要的。本文引入了侦察防御的概率模型,以便更深入地理解这些策略及其参数对网络防御的理论影响。这些模型量化了攻击者在各种条件下的成功,比如网络规模、部署规模和易受攻击的计算机数量。本文对蜜罐、欺骗、网络地址变换、移动目标的性能及其协同效应提供了一个概率解释。这些模型表明,相对少量的蜜罐部署可以提供有效的防御策略,通常比单独移动更好。此外,这些模型证实了一种直觉,即组合或分层防御机制对攻击者的成功影响最大,同时提供了对每种策略的改进和参数的定量分析。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信