A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction

2021 ◽  
Vol 2021 ◽  
pp. 1-15
Author(s):  
Yazhuo Gao ◽  
Guomin Zhang ◽  
Changyou Xing

As an important deception defense method, a honeypot can effectively enhance a network’s active defense capability. However, existing rigid deployment methods make it difficult to cope with the uncertain, strategic behavior of attackers. To solve this problem, we propose a multiphase dynamic deployment mechanism of virtualized honeypots (MD2VH) based on an intelligent attack path prediction method. MD2VH describes the attack and defense characteristics of both attackers and defenders with a Bayesian state attack graph, establishes a multiphase dynamic deployment optimization model for the virtualized honeypots based on an extended Markov decision process, and generates deployment strategies dynamically by combining online and offline reinforcement learning. We also implement a prototype system based on software-defined networking and virtualization containers to evaluate the effectiveness of MD2VH. Experimental results show that the capture rate of MD2VH stays at about 90% for both simple and complex topologies. Compared with a simple intelligent deployment strategy, this metric improves by 20% to 60%, and the result is more stable across different types of attacker strategy.

2021 ◽  
Vol 2132 (1) ◽  
pp. 012020
Author(s):  
Jinwei Yang ◽  
Yu Yang

Intrusion intent and path prediction help security administrators gain insight into the likely threat behavior of attackers. Existing research has mainly focused on path prediction in ideal attack scenarios, yet the ideal attack path is not always the real path taken by an intruder. To predict the path information of a network intrusion accurately and comprehensively, a multi-step attack path prediction method based on absorbing Markov chains is proposed. First, a node state transition probability normalization algorithm is designed using the no-after-effect (memoryless) property and the absorption of state transitions in an absorbing Markov chain, and it is proved that a complete attack graph corresponds to an absorbing Markov chain. Economic indices of protection cost and attack benefit, together with a method for quantifying them, are then constructed, and an optimal security protection policy selection algorithm based on particle swarm optimization is proposed. Finally, experiments verify the feasibility and effectiveness of the model in protection policy decision-making: it can effectively reduce network security risk and provide more security protection guidance for a timely response to network attack threats.


Author(s):  
Somak Bhattacharya ◽  
Samresh Malhotra ◽  
S. K. Ghosh

As networks continue to grow in size and complexity, automated assessment of security vulnerabilities becomes increasingly important. The typical means by which an attacker breaks into a network is a series of exploits, where each exploit in the series satisfies the preconditions of subsequent exploits, establishing a causal relationship among them. Such a series of exploits constitutes an attack path, and the set of all possible attack paths forms an attack graph. Attack graphs reveal the threat by enumerating all possible sequences of exploits that can be followed to compromise a given critical resource. The contribution of this chapter is to identify the most probable attack path based on the attack surface measures of the individual hosts in a given network, and to identify the minimum set of network securing options for a given attack graph in an automated fashion. The identified network securing options are exhaustive, and the proposed approach also detects cycles in forward-reachable attack graphs. As a whole, the chapter deals with the identification of probable attack paths and risk mitigation, which may help improve the overall security of an enterprise network.
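A worked example of the host-level attack path analysis the chapter describes: per-host exploit edges carry a success probability that stands in for the chapter's attack surface measure, the most probable attack path is found by running Dijkstra on the -log p edge weights (maximizing a product of probabilities), and cycles in the forward-reachable graph are detected by a coloured depth-first search. This is an added example, not the chapter's own code; the hosts, edges and probabilities are constructed for illustration.

```python
import heapq
import math

# Constructed example (hypothetical hosts and probabilities, not from the chapter).
# An edge (src, dst, p) means: with a foothold on src, the exploit against dst
# succeeds with probability p. The "app" -> "web" edge deliberately closes a cycle.
EDGES = [
    ("attacker", "web", 0.9),
    ("attacker", "vpn", 0.3),
    ("web", "app", 0.7),
    ("vpn", "app", 0.8),
    ("app", "db", 0.6),
    ("app", "web", 0.5),
    ("web", "db", 0.2),
]


def build_graph(edges):
    """Adjacency list {host: [(next_host, success_probability), ...]}."""
    graph = {}
    for src, dst, p in edges:
        if not 0.0 < p <= 1.0:
            raise ValueError(f"probability for {src}->{dst} must be in (0, 1]")
        graph.setdefault(src, []).append((dst, p))
        graph.setdefault(dst, [])
    return graph


def most_probable_path(graph, source, target):
    """Return (path, probability) of the most probable attack path, or (None, 0.0).

    Maximizing the product of edge probabilities is the same as minimizing the
    sum of -log p, so ordinary Dijkstra applies (all weights are >= 0)."""
    dist = {source: 0.0}
    prev = {}
    heap = [(0.0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, math.inf):
            continue  # stale heap entry
        if u == target:
            break
        for v, p in graph[u]:
            nd = d - math.log(p)
            if nd < dist.get(v, math.inf):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))
    if target not in dist:
        return None, 0.0
    path = [target]
    while path[-1] != source:
        path.append(prev[path[-1]])
    path.reverse()
    return path, math.exp(-dist[target])


def find_cycles(graph):
    """Iterative DFS with white/grey/black colouring; an edge into a grey node
    is a back edge and the grey segment of the current path is reported as a cycle."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {n: WHITE for n in graph}
    cycles = []
    for start in graph:
        if colour[start] != WHITE:
            continue
        colour[start] = GREY
        path = [start]
        stack = [(start, iter(graph[start]))]
        while stack:
            node, it = stack[-1]
            advanced = False
            for nxt, _ in it:
                if colour[nxt] == WHITE:
                    colour[nxt] = GREY
                    path.append(nxt)
                    stack.append((nxt, iter(graph[nxt])))
                    advanced = True
                    break
                if colour[nxt] == GREY:
                    cycles.append(path[path.index(nxt):] + [nxt])
            if not advanced:
                colour[node] = BLACK
                stack.pop()
                path.pop()
    return cycles


if __name__ == "__main__":
    g = build_graph(EDGES)
    path, p = most_probable_path(g, "attacker", "db")
    print("most probable path:", " -> ".join(path), f"(p = {p:.3f})")
    print("cycles:", find_cycles(g))
```

On this input the direct "web" -> "db" shortcut (0.18) loses to the longer route through "app" (0.378), which is exactly why the path must be chosen on the product of probabilities rather than on hop count.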


2018 ◽  
Vol 2018 ◽  
pp. 1-13
Author(s):  
Hao Hu ◽  
Yuling Liu ◽  
Yingjie Yang ◽  
Hongqi Zhang ◽  
Yuchen Zhang

The attack graph (AG) is an abstraction technique that reveals the ways an attacker can leverage vulnerabilities in a given network to violate security policies. The analyses developed to extract security-relevant properties are referred to as AG-based security evaluations. In recent years, many evaluation approaches have been explored. However, they are generally limited by the attacker “monotonicity” assumption, and further work is needed to overcome that limitation. To address this issue, the stochastic model known as the absorbing Markov chain (AMC) is applied over the AG to derive two new metrics: the expected success probability of attack intention (EAIP) and the expected attack path length (EAPL). These evaluations identify the preferred target hosts to mitigate and prioritize vulnerability patching on intermediate hosts. Tests on the public datasets DARPA2000 and Defcon’s CTF23 both verify that the evaluations are effective and reliable.
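The two absorbing-Markov-chain abstracts above (Yang and Yang; Hu et al.) rest on the same computation, shown here as an added example that is code from neither paper: transient states are attacker footholds, the attack goal and attack failure are absorbing states, and with Q the transient-to-transient block and R the transient-to-absorbing block of the transition matrix, the fundamental matrix N = (I - Q)^-1 gives the expected attack path length (EAPL) as N·1 and the absorption probabilities as B = N·R, whose goal column is the expected success probability of attack intention (EAIP). The chain and its probabilities are constructed, and the chain deliberately contains a backward step (a foothold can be lost and regained) that the monotonicity assumption would rule out. The patch-prioritization routine is an assumption about how Hu et al.'s prioritization of intermediate hosts could be modelled: patching a host moves every exploit edge into it to the failure state, and hosts are ranked by the resulting drop in EAIP. Exact rational arithmetic is used so the results can be checked by hand.

```python
from fractions import Fraction as F

# Constructed absorbing Markov chain over a small attack graph (hypothetical
# hosts and probabilities, not data from either paper). Transient states are
# attacker footholds; "target" (goal reached) and "fail" (attack detected or
# abandoned) are absorbing. Every transient row sums to 1.
TRANSIENT = ["foothold", "web", "app"]
ABSORBING = ["target", "fail"]
P = {
    "foothold": {"web": F(6, 10), "fail": F(4, 10)},
    # "web" -> "foothold" is a backward step the monotonicity assumption forbids
    "web": {"app": F(5, 10), "target": F(1, 10), "foothold": F(1, 10), "fail": F(3, 10)},
    "app": {"target": F(7, 10), "web": F(1, 10), "fail": F(2, 10)},
}


def check_chain(P, transient, absorbing):
    """Every transient row must be a probability distribution over known states."""
    for s in transient:
        row = P[s]
        if sum(row.values()) != 1 or any(t not in transient + absorbing for t in row):
            raise ValueError(f"bad transition row for {s}")


def solve(A, rhs):
    """Gauss-Jordan elimination, exact in Fractions: returns X with A·X = rhs
    (rhs is given row-wise, so several right-hand sides are solved at once)."""
    n = len(A)
    M = [[F(v) for v in A[i]] + [F(v) for v in rhs[i]] for i in range(n)]
    for c in range(n):
        piv = next((r for r in range(c, n) if M[r][c] != 0), None)
        if piv is None:
            raise ValueError("singular matrix: some state never reaches absorption")
        M[c], M[piv] = M[piv], M[c]
        p = M[c][c]
        M[c] = [v / p for v in M[c]]
        for r in range(n):
            if r != c and M[r][c] != 0:
                f = M[r][c]
                M[r] = [a - f * b for a, b in zip(M[r], M[c])]
    return [row[n:] for row in M]


def amc_metrics(P, transient, absorbing):
    """EAPL (expected steps to absorption) and absorption probabilities per
    transient state, via the fundamental matrix N = (I - Q)^-1."""
    check_chain(P, transient, absorbing)
    I_minus_Q = [[(1 if s == t else 0) - P[s].get(t, 0) for t in transient] for s in transient]
    R = [[P[s].get(a, 0) for a in absorbing] for s in transient]
    ones = [[1] for _ in transient]
    # Solving (I - Q)·X = Y yields X = N·Y without forming N explicitly.
    steps = solve(I_minus_Q, ones)      # N·1  -> EAPL
    B = solve(I_minus_Q, R)             # N·R  -> absorption probabilities
    eapl = {s: steps[i][0] for i, s in enumerate(transient)}
    absorb = {s: dict(zip(absorbing, B[i])) for i, s in enumerate(transient)}
    return eapl, absorb


def patch_priority(P, transient, absorbing, start="foothold"):
    """Rank intermediate hosts by how much patching them lowers EAIP from `start`.
    Modelling assumption (ours, not the papers'): patching a host makes every
    exploit edge into it fail, so that probability mass moves to "fail"."""
    base = amc_metrics(P, transient, absorbing)[1][start]["target"]
    ranking = []
    for host in transient:
        if host == start:
            continue
        patched = {}
        for s, row in P.items():
            new_row = dict(row)
            if host in new_row:
                new_row["fail"] = new_row.get("fail", F(0)) + new_row.pop(host)
            patched[s] = new_row
        after = amc_metrics(patched, transient, absorbing)[1][start]["target"]
        ranking.append((base - after, host))
    return sorted(ranking, reverse=True)


if __name__ == "__main__":
    eapl, absorb = amc_metrics(P, TRANSIENT, ABSORBING)
    for s in TRANSIENT:
        print(f"{s:9s} EAPL={float(eapl[s]):.3f}  EAIP={float(absorb[s]['target']):.3f}")
    for drop, host in patch_priority(P, TRANSIENT, ABSORBING):
        print(f"patching {host:9s} lowers EAIP by {float(drop):.3f}")
```

From the initial foothold the attacker reaches the target with probability 27/89 (about 0.30) after 185/89 (about 2.08) steps on average; patching "web" cuts EAIP to zero because it is the only way off the initial foothold, while patching "app" leaves the direct "web" -> "target" edge and only lowers EAIP to 3/47, so "web" ranks first.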


Author(s):  
Xiaojian Zhang ◽  
Qi Wang ◽  
Xiangqun Wang ◽  
Run Zhang
