DocumentCode :
1782792
Title :
Manipulating the attacker's view of a system's attack surface
Author :
Albanese, Massimiliano ; Battista, Ermanno ; Jajodia, Sushil ; Casola, V.
Author_Institution :
Center for Secure Inf. Syst., George Mason Univ., Fairfax, VA, USA
fYear :
2014
fDate :
29-31 Oct. 2014
Firstpage :
472
Lastpage :
480
Abstract :
Cyber attacks are typically preceded by a reconnaissance phase in which attackers aim at collecting valuable information about the target system, including network topology, service dependencies, and unpatched vulnerabilities. Unfortunately, when system configurations are static, attackers will always be able, given enough time, to acquire accurate knowledge about the target system and engineer effective exploits. To address this important problem, many adaptive techniques have been devised to dynamically change some aspects of a system's configuration in order to introduce uncertainty for the attacker. In this paper, we advance the state of the art in adaptive defense by looking at the problem from a control perspective and proposing a graph-based approach to manipulate the attacker's view of a system's attack surface. To achieve this objective, we formalize the notion of system view and distance between views. We then define a principled approach to manipulate responses to attacker's probes so as to induce an external view of the system that satisfies certain desirable properties. In particular, we propose efficient algorithmic solutions to different classes of problems, namely (i) inducing an external view that is at a minimum distance from the internal view while minimizing the cost for the defender; (ii) inducing an external view that maximizes the distance from the internal view, given an upper bound on the admissible cost for the defender. Experiments conducted on a prototypal implementation of the proposed algorithms confirm that our approach is efficient and effective in steering the attackers away from critical resources.
Keywords :
IP networks; computer network security; adaptive defense; admissible cost; attacker probes; attacker view manipulation; control perspective; critical resources; cyber attacks; defender cost minimization; external view; graph-based approach; information collection; internal view; knowledge acquisition; minimum distance; network topology; principled approach; reconnaissance phase; service dependencies; static system configurations; system attack surface; system view distance; target system; unpatched vulnerabilities; upper bound; Adaptive systems; Communication networks; Conferences; Operating systems; Probes; Security; Servers;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Communications and Network Security (CNS), 2014 IEEE Conference on
Conference_Location :
San Francisco, CA
Type :
conf
DOI :
10.1109/CNS.2014.6997517
Filename :
6997517