MAAT: Multi-Stage Attack Attribution in Enterprise Systems using Software Defined Networks

Kannan, Subramaniyam and Wood, Paul and Chaterji, Somali and Bakchi, Saurabh and Deatrick, Larry and Beane, Patricia (2017) MAAT: Multi-Stage Attack Attribution in Enterprise Systems using Software Defined Networks. EAI Endorsed Transactions on Security and Safety, 4 (11). e4. ISSN 2032-9393

Available under License Creative Commons Attribution No Derivatives.

Download (980kB) | Preview


Multi-layer distributed systems, such as those found in corporate systems, are often the target of multi- stage attacks. Such attacks utilize multiple victim machines, in a series, to compromise a target asset deep inside the corporate network. Under such attacks, it is difficult to identify the upstream attacker’s identity from a downstream victim machine because of the mixing of multiple network flows. This is known as the attribution problem in security domains. We present MAAT, a system that solves such attribution problems for multi-stage attacks. It does this by using moving target defense, ie, shuffling the assignment of clients to server replicas, which is achieved through software defined networking. As alerts are generated, MAAT maintains state about the level of risk for each network flow and progressively isolates the malicious flows. Using a simulation, we show that MAAT can identify single and multiple attackers in a variety of systems with different numbers of servers, layers, and clients.

Item Type: Article
Uncontrolled Keywords: multi-stage attacks, attack attribution, software defined network, moving target defense
Subjects: H Social Sciences > H Social Sciences (General)
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
QA75 Electronic computers. Computer science
Depositing User: EAI Editor IV
Date Deposited: 26 Mar 2021 13:52
Last Modified: 26 Mar 2021 13:52

Actions (login required)

View Item View Item