Proceedings of the 5th ACM Workshop on Moving Target Defense: Latest Articles

Dynamic Defense against Adaptive and Persistent Adversaries
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date : 2018-01-15 DOI: 10.1145/3268966.3268977
R. Poovendran
Abstract: This talk will cover two topics, namely, modeling and design of Moving Target Defense (MTD), and DIFT games for modeling Advanced Persistent Threats (APTs). We will first present a game-theoretic approach to characterizing the trade-off between resource efficiency and defense effectiveness in decoy- and randomization-based MTD. We will then address the game formulation for APTs. APTs are mounted by intelligent and resourceful adversaries who gain access to a targeted system and gather information over an extended period of time. APTs consist of multiple stages, including initial system compromise, privilege escalation, and data exfiltration, each of which involves strategic interaction between the APT and the targeted system. While this interaction can be viewed as a game, the stealthiness, adaptiveness, and unpredictability of APTs imply that the information structure of the game and the strategies of the APT are not readily available. Our approach to modeling APTs is based on the insight that the persistent nature of APTs creates information flows in the system that can be monitored. One monitoring mechanism is Dynamic Information Flow Tracking (DIFT), which taints and tracks malicious information flows through a system and inspects the flows at designated traps. Since tainting all flows in the system will incur significant memory and storage overhead, efficient tagging policies are needed to maximize the probability of detecting the APT while minimizing resource costs. In this work, we develop a multi-stage stochastic game framework for modeling the interaction between an APT and a DIFT, as well as designing an efficient DIFT-based defense. Our model is grounded on APT data gathered using the Refinable Attack Investigation (RAIN) flow-tracking framework. We present the current state of our formulation, insights that it provides on designing effective defenses against APTs, and directions for future work.
Citations: 1
Ensuring Deception Consistency for FTP Services Hardened against Advanced Persistent Threats
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date : 2018-01-15 DOI: 10.1145/3268966.3268971
Zhan Shu, Guanhua Yan
Abstract: As evidenced by numerous high-profile security incidents such as the Target data breach and the Equifax hack, APTs (Advanced Persistent Threats) can significantly compromise the trustworthiness of cyber space. This work explores how to improve the effectiveness of cyber deception in hardening FTP (File Transfer Protocol) services against APTs. The main objective of our work is to ensure deception consistency: when the attackers are trapped, they can only make observations that are consistent with what they have seen already so that they cannot recognize the deceptive environment. To achieve deception consistency, we use logic constraints to characterize an attacker's best knowledge (either positive, negative, or uncertain). When migrating the attacker's FTP connection into a contained environment, we use these logic constraints to instantiate a new FTP file system that is guaranteed free of inconsistency. We performed deception experiments with student participants who just completed a computer security course. Following the design of Turing tests, we find that the participants' chances of recognizing deceptive environments are close to random guesses. Our experiments also confirm the importance of observation consistency in identifying deception.
Citations: 11
A Security SLA-Driven Moving Target Defense Framework to Secure Cloud Applications
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date : 2018-01-15 DOI: 10.1145/3268966.3268975
V. Casola, Alessandra De Benedictis, M. Rak, Umberto Villano
Abstract: The large adoption of cloud services in many business domains dramatically increases the need for effective solutions to improve the security of deployed services. The adoption of Security Service Level Agreements (Security SLAs) represents an effective solution to state formally the security guarantees that a cloud service is able to provide. Even if security policies declared by the service provider are properly implemented before the service is deployed and launched, the actual security level tends to degrade over time, due to the knowledge on the exposed attack surface that the attackers are progressively able to gain. In this paper, we present a Security SLA-driven MTD framework that allows MTD strategies to be applied to a cloud application by automatically switching among different admissible application configurations, in order to confuse the attackers and nullify their reconnaissance effort, while preserving the application Security SLA across reconfigurations.
Citations: 2
Session details: Keynote
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date : 2018-01-15 DOI: 10.1145/3285946
Massimiliano Albanese
Citations: 0
Session details: Session 1: Evaluation of MTD Techniques
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date : 2018-01-15 DOI: 10.1145/3285944
I. Ray
Citations: 0
Diversifying the Software Stack Using Randomized NOP Insertion
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date : 2013-01-01 DOI: 10.1007/978-1-4614-5416-8_8
Todd Jackson, Andrei Homescu, Stephen Crane, Per Larsen, Stefan Brunthaler, M. Franz
Pages: 151-173
Citations: 45
Game Theoretic Approaches to Attack Surface Shifting
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date : 2013-01-01 DOI: 10.1007/978-1-4614-5416-8_1
P. Manadhata
Pages: 1-13
Citations: 58
Security Games Applied to Real-World: Research Contributions and Challenges
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date : 2013-01-01 DOI: 10.1007/978-1-4614-5416-8_2
Manish Jain, Bo An, Milind Tambe
Pages: 15-39
Citations: 16
From Individual Decisions from Experience to Behavioral Game Theory: Lessons for Cybersecurity
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date : 2013-01-01 DOI: 10.1007/978-1-4614-5416-8_4
Cleotilde González
Pages: 73-86
Citations: 8
Adversarial Dynamics: The Conficker Case Study
Proceedings of the 5th ACM Workshop on Moving Target Defense Pub Date : 2013-01-01 DOI: 10.1007/978-1-4614-5416-8_3
D. Bilar, G. Cybenko, J. P. Murphy
Pages: 41-71
Citations: 5