Keeping Intruders at Large
2014
It is well known that not all intrusions can be prevented and additional lines of defense are needed to deal with
intruders. However, most current approaches use honeynets relying on the assumption that simply attracting
intruders into honeypots would thwart the attack. In this paper, we propose a different and more realistic
approach, which aims at delaying intrusions, so as to control the probability that an intruder will reach a
certain goal within a specified amount of time. Our method relies on analyzing a graphical representation
of the computer network’s logical layout and an associated probabilistic model of the adversary’s behavior.
We then artificially modify this representation by adding “distraction clusters” – collections of interconnected
virtual machines – at key points of the network in order to increase complexity for the intruders and delay the
intrusion. We study this problem formally, showing it to be NP-hard and then provide an approximation
algorithm that exhibits several useful properties. Finally, we present experimental results obtained on a prototypal
implementation of the proposed framework.