Optimizing Honeypot Strategies Against Dynamic Lateral Movement Using Partially Observable Stochastic Games
Result identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F19%3A00332702" target="_blank" >RIV/68407700:21230/19:00332702 - isvavai.cz</a>
Result on the web
<a href="https://doi.org/10.1016/j.cose.2019.101579" target="_blank" >https://doi.org/10.1016/j.cose.2019.101579</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1016/j.cose.2019.101579" target="_blank" >10.1016/j.cose.2019.101579</a>
Alternative languages
Result language
English
Title in original language
Optimizing Honeypot Strategies Against Dynamic Lateral Movement Using Partially Observable Stochastic Games
Result description in original language
Partially observable stochastic games (POSGs) are a general game-theoretic model for capturing dynamic interactions where players have partial information. The existing algorithms for solving subclasses of POSGs have theoretical guarantees for converging to approximate optimal strategies; however, their scalability is limited and they cannot be directly used to solve games of realistic sizes. In our problem, the attacker uses lateral movement through the network in order to reach a specific host, while the defender wants to discover the attacker by dynamically reallocating honeypots. We demonstrate that restricting to a specific domain allows us to substantially improve existing algorithms: (1) we formulate a compact representation of uncertainty the defender faces, (2) we exploit the incremental strategy-generation method that over iterations expands the possible actions for players. The experimental evaluation shows that our novel algorithms scale several orders of magnitude better compared to the existing state of the art.
Classification
Type
J<sub>imp</sub> - Article in a periodical indexed in the Web of Science database
CEP field
—
OECD FORD field
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result linkages
Project
The result was created in the course of multiple projects. More information is in the Projects tab.
Linkages
P - Research and development project financed from public funds (with a link to CEP)
Other
Year of implementation
2019
Data confidentiality code
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific to the result type
Periodical name
Computers & Security
ISSN
0167-4048
e-ISSN
1872-6208
Periodical volume
87
Issue of the periodical within the volume
November
Publisher country
GB - United Kingdom of Great Britain and Northern Ireland
Number of pages
15
Pages from-to
—
UT WoS code of the article
000494048500012
EID of the result in the Scopus database
2-s2.0-85070920708