Efficient Strategy Selection for Moving Target Defense Under Multiple Attacks

Zhang, Huan; Zheng, Kangfeng; Wang, Xiujuan; Si, Luo; Wu, Bin

doi:10.1109/access.2019.2918319

Cited by 14 publications

(9 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Each column j represents a timestamp, and at each time j, the defender can pick max(5, u j ) paths to monitor where u j is the number of undetermined paths at time j. For a position (i, j) where i ∈ [1,20] and j ∈ [1, 80], if it is in blue, it means path i is monitored at timestamp j; if it is in red, it means path i is classified as an APT attack scenario at timestamp j and it will no longer be monitored which is represented by marking its future states as grey; if it is in green, it means path i is classified as a benign scenario at timestamp j and it will no longer be monitored which is represented by marking its future states as grey. Therefore, the number of undetermined paths u j is the number of paths that are not in grey at time j.…”

Section: Results and Analysismentioning

confidence: 99%

“…Multiple malicious activities can happen simultaneously on a host or system, especially when it performs missioncritical tasks [1]. If the monitoring capacity (also referred to as monitoring resources throughout this paper) is limited, without thoughtful allocation of these resources, it is possible that some malicious activities will not be captured and identified.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Strategic Monitoring for Efficient Detection of Simultaneous APT Attacks with Limited Resources

Fan¹,

Liu²,

Perigo³

2023

IJACSA

View full text Add to dashboard Cite

Advanced Persistent Threats (APT) are a type of sophisticated multistage cyber attack, and the defense against APT is challenging. Existing studies apply signature-based or behavior-based methods to analyze monitoring data to detect APT, but little research has been dedicated to the important problem of addressing APT detection with limited resources. In order to maintain the primary functionality of a system, the resources allocated for security purposes, for example logging and examining the behavior of a system, are usually constrained. Therefore, when facing multiple simultaneous powerful cyber attacks like APT, the allocation of limited security resources becomes critical. The research in this paper focuses on the threat model where multiple simultaneous APT attacks exist in the defender's system, but the defender does not have sufficient monitoring resources to check every running process. To capture the footprint of multistage activities including APT attacks and benign activities, this work leverages the provenance graph which is constructed based on dependencies of processes. Furthermore, this work studies the monitoring strategy to efficiently detect APT attacks from incomplete information of paths on the provenance graph, by considering both the "exploitation" effect and the "exploration" effect. The contributions of this work are two-fold. First, it extends the classic UCB algorithm in the domain of the multi-armed bandit problem to solve cyber security problems, and proposes to use the malevolence value of a path, which is generated by a novel LSTM neural network as the exploitation term. Second, the consideration of "exploration" is innovative in the detection of APT attacks with limited monitoring resources. The experimental results show that the use of the LSTM neural network is beneficial to enforce the exploitation effect as it satisfies the same property as the exploitation term in the classic UCB algorithm and that by using the proposed monitoring strategy, multiple simultaneous APT attacks are detected more efficiently than using the random strategy and the greedy strategy, regarding the time needed to detect same number of APT attacks.

show abstract

Section: Results and Analysismentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Strategic Monitoring for Efficient Detection of Simultaneous APT Attacks with Limited Resources

Fan¹,

Liu²,

Perigo³

2023

IJACSA

View full text Add to dashboard Cite

show abstract

“…Du et al [19] used the evolutionary game theory framework of community to analyze the privacy protection behavior of the social network and designed incentives based on cost performance. Based on the analytic hierarchy process, Zhang et al [20] comprehensively analyzed the impact of mobile target defense technology, proposed an effective strategy selection algorithm based on joint defense, and selected many variation elements to defend different attack.…”

Section: Evolutionary Game Approachmentioning

confidence: 99%

Research on the Optimization Management of Cloud Privacy Strategy Based on Evolution Game

Sun

2020

Security and Communication Networks

View full text Add to dashboard Cite

Cloud computing services have great convenience, but privacy security is a big obstacle of popularity. In the process result of privacy protection of cloud computing, it is difficult to choose the optimal strategy. In order to solve this problem, we propose a quantitative weight model of privacy information, use evolutionary game theory to establish a game model of attack protection, design the optimal protection strategy selection algorithm, and make the evolutionary stable equilibrium solution method from the limited rational constraint. In order to study the strategic dependence of the same game group, the classical dynamic replication equation is improved by using the incentive coefficient, an improved evolutionary game model of attack protection is constructed, the stability of equilibrium point is further analyzed by Jacobian matrix method, and the optimal selection strategy is obtained under different conditions. Finally, the correctness and validity of the model are verified by experiments, different strategies of the same group have the dual effects of promotion and inhibition, and the advantages of this paper are shown by comparing with other articles.

show abstract

“…Hong et al [20] also incorporated MTD techniques into a temporal graph-based graphical security model and developed a new set of dynamic security metrics to assess and compare their effectiveness. Moreover, an evaluation model of MTD effectiveness based on system attack surface (SAS) was proposed by Xiong et al [21], and Zhang et al [22] proposed an efficient strategy selection for MTD, where the analytic hierarchy process (AHP) was employed to quantify the factors affecting the attack and defense costs.…”

Section: Related Workmentioning

confidence: 99%

A Cost-effective Shuffling Method against DDoS Attacks using Moving Target Defense

Zhou

Cheng

Jiang

et al. 2019

Proceedings of the 6th ACM Workshop on Moving Target Defense

View full text Add to dashboard Cite

Moving Target Defense (MTD) has emerged as a newcomer into the asymmetric field of attack and defense, and shuffling-based MTD has been regarded as one of the most effective ways to mitigate DDoS attacks. However, previous work does not acknowledge that frequent shuffles would significantly intensify the overhead. MTD requires a quantitative measure to compare the cost and effectiveness of available adaptations and explore the best trade-off between them. In this paper, therefore, we propose a new costeffective shuffling method against DDoS attacks using MTD. By exploiting Multi-Objective Markov Decision Processes to model the interaction between the attacker and the defender, and designing a cost-effective shuffling algorithm, we study the best trade-off between the effectiveness and cost of shuffling in a given shuffling scenario. Finally, simulation and experimentation on an experimental software defined network (SDN) indicate that our approach imposes an acceptable shuffling overload and is effective in mitigating DDoS attacks. CCS CONCEPTS• Networks → Denial-of-service attacks; • Security and privacy → Formal security models.

show abstract

Efficient Strategy Selection for Moving Target Defense Under Multiple Attacks

Cited by 14 publications

References 48 publications

Strategic Monitoring for Efficient Detection of Simultaneous APT Attacks with Limited Resources

Strategic Monitoring for Efficient Detection of Simultaneous APT Attacks with Limited Resources

Research on the Optimization Management of Cloud Privacy Strategy Based on Evolution Game

A Cost-effective Shuffling Method against DDoS Attacks using Moving Target Defense

Contact Info

Product

Resources

About