An Attacker-Defender Game for Honeynets
Abstract
A honeynet is a portion of routed but otherwise unused address space that is instrumented for network traffic monitoring. It is an invaluable tool for understanding unwanted Internet traffic and malicious attacks. We formalize the problem of defending honeynets from systematic mapping (a serious threat to their viability) as a simple two-person game. The objective of the Attacker is to identify a honeynet with a minimum number of probes. The objective of the Defender is to maintain a honeynet for as long as possible before moving it to a new location within a larger address space. Using this game theoretic framework, we describe and prove optimal or near-optimal strategies for both Attacker and Defender. This is the first mathematically rigorous study of this increasingly important problem on honeynet defense. Our theoretical ideas provide the first formalism of the honeynet monitoring problem, illustrate the viability of network address shuffling, and inform the design of next generation honeynet defense.
Similar resources
Optimal Timing in Dynamic and Robust Attacker Engagement During Advanced Persistent Threats
Advanced persistent threats (APTs) are stealthy attacks which make use of social engineering and deception to give adversaries insider access to networked systems. Against APTs, active defense technologies aim to create and exploit information asymmetry for defenders. In this paper, we study a scenario in which a powerful defender uses honeynets for active defense in order to observe an attacke...
Target-Hardening Decisions Based on Uncertain Multiattribute Terrorist Utility
We present a game-theoretic model to explore how uncertainty about terrorist preferences can affect optimal resource allocations for infrastructure protection. We consider a dynamic game with incomplete information, in which the defender chooses how to allocate her defensive resources, and then an attacker chooses which target to attack according to a multiattribute utility function. Our mode...
Security of Transportation Networks: Modeling Attacker-Defender Interaction
Transportation networks are increasingly facing new security threats due to the vulnerabilities of cyber-physical components that support their operation. In this article, we aim to understand how the network operator (defender) should prioritize the investment in securing a set of facilities in order to limit the impact of a strategic adversary (attacker) who can target a facility to increase ...
Optimal Deceptive Strategies in Security Games: A Preliminary Study
Attacker-defender Stackelberg games have been used in several deployed applications of game theory for infrastructure security. Security resources of the defender are game-theoretically allocated to prevent a strategic attacker from using surveillance to learn and exploit patterns in the allocation. Existing work on security games assumes that the defender honestly displays her real security re...
Adversarial Patrolling Games
Defender-Attacker Stackelberg games are the foundations of tools deployed for computing optimal patrolling strategies in adversarial domains such as the United States Federal Air Marshals Service and the United States Coast Guard, among others. In Stackelberg game models of these systems the attacker knows only the probability that each target is covered by the defender, but is oblivious to the...