Hidden Markov Model and Cyber Deception for the Prevention of Adversarial Lateral Movement

Advanced persistent threats (APTs) have emerged as multi-stage attacks that targeted nation-states and their associated entities, including private corporate sectors. Cyber deception has a defense approach to secure our cyber infrastructure from APTs. Practical deployment of relies on defenders' ability place decoy nodes along the APT path optimally. This paper presents focused predicting most likely sequence attack paths deploying predicted path. Our proposed combines reactive (graph analysis) proactive (cyber technology) thwart adversaries' lateral movement. The is realized through two phases. first phase predicts based Intrusion Detection System (IDS) alerts network trace, second determining optimal We employ transition probabilities in Hidden Markov Model predict In phase, we utilize deploy nodes. However, it attacker will not follow move laterally. To address this challenge, Partially Observable Monte-Carlo Planning (POMCP) framework. POMCP helps defender assess several actions block when deviates evaluation results show can thwarts adversarial