Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Article type: Research Article
Authors: Chakraborty, Tanmoya; * | Jajodia, Sushilb | Park, Noseongc | Pugliese, Andread; ** | Serra, Edoardoe | Subrahmanian, V.S.f
Affiliations: [a] Computer Science and Engineering Department, Indraprastha Institute of Information Technology at Delhi, India. E-mail: [email protected] | [b] Center for Secure Information Systems, George Mason University at Fairfax, VA, USA. E-mail: [email protected] | [c] Software and Information Systems Department, University of North Carolina at Charlotte, NC, USA. E-mail: [email protected] | [d] DIMES Department, University of Calabria, Italy. E-mail: [email protected] | [e] Computer Science Department, Boise State University, ID, USA. E-mail: [email protected] | [f] Computer Science Department, Dartmouth College, NH, USA. E-mail: [email protected]
Correspondence: [**] Corresponding author. E-mail: [email protected].
Note: [1] The authors are listed in alphabetical order.
Note: [*] The author did part of the work as a postdoctoral researcher at University of Maryland, College Park, USA.
Abstract: Most past work on honeypots has made two assumptions: (i) they assume that the only defensive measure used is a honeypot mechanism, and (ii) they do not consider both rational and subrational adversaries and do not reason with an adversary model when placing honeypots. However, real-world system security officers use a mix of instruments such as traditional defenses (e.g. firewalls, intrusion detection systems), and honeypots form only one portion of the strategy. Moreover, the placement of traditional defenses and honeypots cannot be done independently. In this paper, we consider a Stackelberg-style game situation where the defender models the attacker and uses that model to identify the best placement of traditional defenses and honeypots. We provide a formal definition of undamaged asset value (i.e. the value that is not compromised by the attacker) under a given defensive strategy and show that the problem of finding the best placement so as to maximize undamaged asset value is NP-hard. We propose a greedy algorithm and show via experiments, both on real enterprise networks and on ones generated by the well-known network simulation tool NS-2, that our algorithm quickly computes near optimal placements. As such, our method is both practical and effective.
Keywords: Adversarial defense of enterprise systems, game theoretic models
DOI: 10.3233/JCS-171094
Journal: Journal of Computer Security, vol. 26, no. 5, pp. 615-645, 2018
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
[email protected]
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office [email protected]
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
如果您在出版方面需要帮助或有任何建, 件至: [email protected]