sesa 19(21): e2

Research Article

Attacker Capability based Dynamic Deception Model for Large-Scale Networks

Download1075 downloads
Cite
BibTeX Plain Text
  • @ARTICLE{10.4108/eai.13-7-2018.162808,
    author={Md Ali Reza Al Amin and Sachin Shetty and Laurent Njilla and Deepak K. Tosh and Charles Kamhoua},
    title={Attacker Capability based Dynamic Deception Model for Large-Scale Networks},
    journal={EAI Endorsed Transactions on Security and Safety},
    volume={6},
    number={21},
    publisher={EAI},
    journal_a={SESA},
    year={2019},
    month={8},
    keywords={cyber deception, network security, POMCP, POMDP, SDN, exploit dependency graph},
    doi={10.4108/eai.13-7-2018.162808}
}
  • Md Ali Reza Al Amin
    Sachin Shetty
    Laurent Njilla
    Deepak K. Tosh
    Charles Kamhoua
    Year: 2019
    Attacker Capability based Dynamic Deception Model for Large-Scale Networks
    SESA
    EAI
    DOI: 10.4108/eai.13-7-2018.162808
Md Ali Reza Al Amin1,*, Sachin Shetty1, Laurent Njilla2, Deepak K. Tosh3, Charles Kamhoua4
  • 1: Old Dominion University, Norfolk, Virginia, USA
  • 2: Air Force Research Lab, Rome, New York, USA
  • 3: University of Texas at El Paso, El Paso, Texas, USA
  • 4: Army Research Lab, Adelphi, Maryland, USA
*Contact email: malam002@odu.edu

Abstract

In modern days, cyber networks need continuous monitoring to keep the network secure and available to legitimate users. Cyber attackers use reconnaissance mission to collect critical network information and using that information, they make an advanced level cyber-attack plan. To thwart the reconnaissance mission and counterattack plan, the cyber defender needs to come up with a state-of-the-art cyber defense strategy. In this paper, we model a dynamic deception system (DDS) which will not only thwart reconnaissance mission but also steer the attacker towards fake network to achieve a fake goal state. In our model, we also capture the attacker’s capability using a belief matrix which is a joint probability distribution over the security states and attacker types. Experiments conducted on the prototype implementation of our DDS confirm that the defender can make the decision whether to spend more resources or save resources based on attacker types and thwart reconnaissance mission.

Keywords
cyber deception, network security, POMCP, POMDP, SDN, exploit dependency graph
Received
2019-05-30
Accepted
2019-07-13
Published
2019-08-01
Publisher
EAI
http://dx.doi.org/10.4108/eai.13-7-2018.162808

Copyright © 2019 Md Ali Reza Al Amin et al., licensed to EAI. This is an open access article distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/licenses/by/3.0/), which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.