TY - GEN
T1 - Optimal Timing in Dynamic and Robust Attacker Engagement during Advanced Persistent Threats
AU - Pawlick, Jeffrey
AU - Nguyen, Thi Thu Hang
AU - Colbert, Edward
AU - Zhu, Quanyan
N1 - Funding Information:
This work is partially supported by an NSF IGERT grant through the Center for Interdisciplinary Studies in Security and Privacy (CRISSP) at New York University, by grants CNS-1544782, EFRI-1441140, and SES-1541164 from the National Science Foundation (NSF), and by DE-NE0008571 from the Department of Energy. Research was sponsored by the Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-17-2-0104. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation herein.
Publisher Copyright:
© 2019 IFIP.
PY - 2019/6
Y1 - 2019/6
N2 - Advanced persistent threats (APTs) are stealthy attacks which make use of social engineering and deception to give adversaries insider access to networked systems. Against APTs, active defense technologies aim to create and exploit information asymmetry for defenders. In this paper, we study a scenario in which a powerful defender uses honeynets for active defense in order to observe an attacker who has penetrated the network. Rather than immediately eject the attacker, the defender may elect to gather information. We introduce an undiscounted, infinite-horizon Markov decision process on a continuous state space in order to model the defender's problem. We find a threshold of information that the defender should gather about the attacker before ejecting him. Then we study the robustness of this policy using a Stackelberg game. Finally, we simulate the policy for a conceptual network. Our results provide a quantitative foundation for studying optimal timing for attacker engagement in network defense.
KW - Markov decision process
KW - Security
KW - Stackelberg game
KW - advanced persistent threat
KW - attacker engagement
UR - http://www.scopus.com/inward/record.url?scp=85076390520&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85076390520&partnerID=8YFLogxK
U2 - 10.23919/WiOPT47501.2019.9144123
DO - 10.23919/WiOPT47501.2019.9144123
M3 - Conference contribution
AN - SCOPUS:85076390520
T3 - Proceedings - 17th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks, WiOpt 2019
BT - Proceedings - 17th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks, WiOpt 2019
A2 - De Pellegrini, Francesco
A2 - Saad, Walid
A2 - Tan, Chee Wei
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 17th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks, WiOpt 2019
Y2 - 3 June 2019 through 7 June 2019
ER -