Abstract
Cyber deception is an approach in which network administrators deploy a network of decoy assets to expend adversaries' resources and time and to gather information about the adversaries' strategies, tactics, capabilities, and intent. The key challenge in this approach is the design and placement of network decoys so as to maximize the attacker's uncertainty about the network. State-of-the-art approaches to this design and placement problem assume a static environment and a priori fixed attacker strategies. In this paper, we propose the design and placement of network decoys for scenarios in which the defender's actions influence the attacker to change its strategies and tactics dynamically, while maintaining the trade-off between availability and security. The defender maintains a belief over the security state, and the resulting sequential decision problem is modeled as a Partially Observable Markov Decision Process (POMDP). Our simulation results illustrate the defender's increasing ability to steer the attacker's attack path onto fake nodes and networks.
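A minimal illustration of the belief-state mechanism described in the abstract, added here as an example and not taken from the paper: a single network segment whose security state (clean, recon, compromised) the defender cannot observe directly, a decoy-deployment action, noisy IDS/honeypot observations, a Bayes belief update, and an exhaustive finite-horizon lookahead over the belief tree. Every transition, observation and reward number is constructed for the example; the paper's actual state space, action set and Monte-Carlo planner are not reproduced.

```python
"""Toy belief-state planner for decoy placement (added illustration, not the
paper's model; all probabilities and rewards below are constructed).

Hidden security state of one segment: clean / recon / compromised.
Defender actions: leave it alone, or deploy a decoy host into it.
Observations (IDS alerts, honeypot hits) are noisy functions of the hidden
state, which is what makes the defender's problem a POMDP.
"""

STATES = ("clean", "recon", "compromised")
ACTIONS = ("none", "deploy_decoy")
OBSERVATIONS = ("quiet", "scan_alert", "decoy_touch")
GAMMA = 0.9  # discount on future reward

# T[a][s][s'] = P(s' | s, a).  A decoy slows the recon -> compromised step.
TRANSITIONS = {
    "none": {
        "clean":       {"clean": 0.80, "recon": 0.20, "compromised": 0.00},
        "recon":       {"clean": 0.10, "recon": 0.50, "compromised": 0.40},
        "compromised": {"clean": 0.00, "recon": 0.00, "compromised": 1.00}},
    "deploy_decoy": {
        "clean":       {"clean": 0.85, "recon": 0.15, "compromised": 0.00},
        "recon":       {"clean": 0.20, "recon": 0.65, "compromised": 0.15},
        "compromised": {"clean": 0.00, "recon": 0.00, "compromised": 1.00}},
}

# O[a][s'][o] = P(o | s', a).  Only a deployed decoy can report decoy_touch.
OBSERVATION_MODEL = {
    "none": {
        "clean":       {"quiet": 0.90, "scan_alert": 0.10, "decoy_touch": 0.00},
        "recon":       {"quiet": 0.50, "scan_alert": 0.50, "decoy_touch": 0.00},
        "compromised": {"quiet": 0.70, "scan_alert": 0.30, "decoy_touch": 0.00}},
    "deploy_decoy": {
        "clean":       {"quiet": 0.88, "scan_alert": 0.10, "decoy_touch": 0.02},
        "recon":       {"quiet": 0.30, "scan_alert": 0.30, "decoy_touch": 0.40},
        "compromised": {"quiet": 0.45, "scan_alert": 0.25, "decoy_touch": 0.30}},
}

# R[a][s]: the availability/security trade-off.  A decoy costs 0.3 of
# availability on a clean segment, pays off while the attacker is in recon,
# and cannot undo an existing compromise.
REWARD = {
    "none":         {"clean": 1.0, "recon": 0.0, "compromised": -5.0},
    "deploy_decoy": {"clean": 0.7, "recon": 0.5, "compromised": -4.0},
}


def check_model():
    """Every transition and observation row must be a probability distribution."""
    for a in ACTIONS:
        for s in STATES:
            assert abs(sum(TRANSITIONS[a][s].values()) - 1.0) < 1e-9, (a, s)
            assert abs(sum(OBSERVATION_MODEL[a][s].values()) - 1.0) < 1e-9, (a, s)
    return True


def predict(belief, action):
    """Push the belief through the transition model: b_pred(s') = sum_s T(s'|s,a) b(s)."""
    return {s2: sum(TRANSITIONS[action][s][s2] * belief[s] for s in STATES)
            for s2 in STATES}


def observation_prob(belief, action, observation):
    """P(o | b, a) = sum_s' O(o|s',a) b_pred(s')."""
    pred = predict(belief, action)
    return sum(OBSERVATION_MODEL[action][s][observation] * pred[s] for s in STATES)


def belief_update(belief, action, observation):
    """Bayes filter: b'(s') = O(o|s',a) b_pred(s') / P(o|b,a)."""
    pred = predict(belief, action)
    unnormalised = {s: OBSERVATION_MODEL[action][s][observation] * pred[s]
                    for s in STATES}
    z = sum(unnormalised.values())
    if z == 0.0:
        # e.g. a decoy_touch report with no decoy deployed: the model cannot
        # explain it, so treat it as a model/sensor error, not as evidence.
        raise ValueError(f"observation {observation!r} impossible after {action!r}")
    return {s: p / z for s, p in unnormalised.items()}


def plan(belief, depth):
    """Exhaustive finite-horizon lookahead over the belief tree.

    Returns (best_action, expected_discounted_reward).  Expanding every
    action/observation branch is only feasible for a toy model; an online
    sampler such as POMCP approximates the same tree by simulation.
    """
    if depth == 0:
        return None, 0.0
    best_action, best_value = None, float("-inf")
    for a in ACTIONS:
        q = sum(belief[s] * REWARD[a][s] for s in STATES)
        for o in OBSERVATIONS:
            p_o = observation_prob(belief, a, o)
            if p_o == 0.0:
                continue
            _, future = plan(belief_update(belief, a, o), depth - 1)
            q += GAMMA * p_o * future
        if q > best_value:
            best_action, best_value = a, q
    return best_action, best_value


if __name__ == "__main__":
    check_model()
    b = {"clean": 0.7, "recon": 0.2, "compromised": 0.1}
    b = belief_update(b, "deploy_decoy", "decoy_touch")
    print({s: round(p, 3) for s, p in b.items()})
    print(plan(b, depth=3))
```

The lookahead in plan() expands every action/observation branch, which is only tractable for a model this small; the Monte-Carlo planning named in the paper's title replaces that expansion with sampled simulations from the current belief. Raising on an impossible observation is deliberate: a decoy_touch report when no decoy was deployed means the model or the sensor is wrong, and silently renormalising would hide that.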
Acknowledgment
This work is supported by the Office of the Assistant Secretary of Defense for Research and Engineering (OASD (R & E)) agreement FA8750-15-2-0120.
Copyright information
© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Amin, M.A.R.A., Shetty, S., Njilla, L., Tosh, D.K., Kamhoua, C. (2019). Online Cyber Deception System Using Partially Observable Monte-Carlo Planning Framework. In: Chen, S., Choo, KK., Fu, X., Lou, W., Mohaisen, A. (eds) Security and Privacy in Communication Networks. SecureComm 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 305. Springer, Cham. https://doi.org/10.1007/978-3-030-37231-6_11
DOI: https://doi.org/10.1007/978-3-030-37231-6_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37230-9
Online ISBN: 978-3-030-37231-6