DOI: 10.1145/2808475.2808480

Probabilistic Performance Analysis of Moving Target and Deception Reconnaissance Defenses

Published: 12 October 2015 Publication History

Abstract

Deception and moving target reconnaissance defenses are techniques that attempt to invalidate information an attacker attempts to gather. Deception defenses attempt to mislead attackers performing network reconnaissance, while moving target defenses seek to make it more difficult for the attacker to predict the state of their target by dynamically altering what the attacker sees. Although the deployment of reconnaissance defenses can be effective, there are nontrivial administration costs associated with their configuration and maintenance. As a result, understanding the circumstances under which these defenses are effective and efficient is important. This paper introduces probabilistic models for reconnaissance defenses to provide a deeper understanding of the theoretical effect these strategies and their parameters have on cyber defense. The models quantify the success of attackers under various conditions, such as network size, deployment size, and number of vulnerable computers. This paper provides a probabilistic interpretation of the performance of honeypots (for deception) and network address shuffling (for moving target), and of their effect in concert. The models indicate that a relatively small number of deployed honeypots can provide an effective defense strategy, often better than movement alone. Furthermore, the models confirm the intuition that combining, or layering, defense mechanisms provides the largest impact on attacker success, while providing a quantitative analysis of the improvement and parameters of each strategy.
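The parameters named in the abstract (network size, number of honeypots, number of vulnerable computers) can be explored with a simple urn model. The following is an added example, not the paper's own model or code: it assumes a static network behaves like drawing addresses without replacement, perfect shuffling like drawing with replacement, and that probing a honeypot exposes and stops the scan; the function names and the scenario values are hypothetical.

```python
from math import comb

def attacker_success(n, v, h, k, shuffle):
    """P(scanner reaches a vulnerable host within k probes, before any honeypot).

    Assumed urn model (not taken from the paper): n addresses, v vulnerable
    hosts, h honeypots; the first honeypot probed exposes and stops the scan.
    """
    neutral = n - v - h
    if min(n, v, h, k, neutral) < 0 or n == 0:
        raise ValueError("need n > 0 and 0 <= v + h <= n, k >= 0")
    if v == 0 or k == 0:
        return 0.0
    if shuffle:
        # Addresses remapped between probes: draws with replacement.
        p_only_neutral = (neutral / n) ** k
    else:
        # Static addressing: draws without replacement (hypergeometric).
        k = min(k, n)
        p_only_neutral = comb(neutral, k) / comb(n, k)
    # The first non-neutral address found is vulnerable with probability v/(v+h).
    return v / (v + h) * (1.0 - p_only_neutral)

def min_honeypots(n, v, k, target, shuffle):
    """Smallest honeypot count that holds attacker success at or below target."""
    for h in range(n - v + 1):
        if attacker_success(n, v, h, k, shuffle) <= target:
            return h
    return None

if __name__ == "__main__":
    n, v, k = 256, 4, 128  # constructed scenario: /24-sized space, half scanned
    for label, h, shuffle in [("static, no honeypots", 0, False),
                              ("shuffling only", 0, True),
                              ("4 honeypots, static", 4, False),
                              ("4 honeypots + shuffling", 4, True)]:
        print(f"{label:26s} {attacker_success(n, v, h, k, shuffle):.4f}")
    print("honeypots needed for <= 50%:", min_honeypots(n, v, k, 0.5, False))
```

Under these assumptions the four scenarios give roughly 0.94, 0.87, 0.50 and 0.49, so in this toy model a handful of honeypots lowers attacker success more than shuffling alone, and layering both lowers it further.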

    Published In

    MTD '15: Proceedings of the Second ACM Workshop on Moving Target Defense
    October 2015
    114 pages
    ISBN:9781450338233
    DOI:10.1145/2808475

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. deception
    2. honeypots
    3. moving-target
    4. networks
    5. security
    6. urn-models

    Qualifiers

    • Research-article

    Conference

    CCS'15

    Acceptance Rates

    MTD '15 Paper Acceptance Rate 8 of 19 submissions, 42%;
    Overall Acceptance Rate 40 of 92 submissions, 43%
