Keeping Intruders at Bay: A Graph-theoretic Approach to Reducing the Probability of Successful Network Intrusions

  • Paulo ShakarianEmail author
  • Nimish Kulkarni
  • Massimiliano Albanese
  • Sushil Jajodia
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 554)


It is well known that not all intrusions can be prevented and additional lines of defense are needed to deal with intruders. However, most current approaches use honey-nets relying on the assumption that simply attracting intruders into honeypots would thwart the attack. In this chapter, we propose a different and more realistic approach, which aims at delaying intrusions, so as to control the probability that an intruder will reach a certain goal within a specified amount of time. Our method relies on analyzing a graphical representation of the computer network’s logical layout and an associated probabilistic model of the adversary’s behavior. We then artificially modify this representation by adding “distraction clusters” – collections of interconnected virtual machines – at key points of the network in order to increase complexity for the intruders and delay the intrusion. We study this problem formally, showing it to be NP-hard and then provide an approximation algorithm that exhibits several useful properties. Finally, we compare recent approach for selecting a subset of distraction clusters with our prototypal implementation of the proposed framework and then unveil experimental results.


Moving target defense Adversarial modeling Graph theory 


  1. 1.
    Abbasi, F., Harris, R., Moretti, G., Haider, A., Anwar, N.: Classification of malicious network streams using honeynets. In: Global Communications Conference (GLOBECOM), pp. 891–897 (2012)Google Scholar
  2. 2.
    Alpcan, T., Baar, T.: Network Security: A Decision and Game-Theoretic Approach, 1st edn. Cambridge University Press, New York (2010)CrossRefGoogle Scholar
  3. 3.
    Chen, C.M., Cheng, S.T., Zeng, R.Y.: A proactive approach to intrusion detection and malware collection. Secur. Commun. Netw. 6(7), 844–853 (2013). CrossRefGoogle Scholar
  4. 4.
    Chen, W., Wang, C., Wang, Y.: Scalable influence maximization for prevalent viral marketing in large-scale social networks. In: Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining, pp. 1029–1038 (2010)Google Scholar
  5. 5.
    Evans, D., Nguyen-Tuong, A., Knight, J.C.: Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, Chap. Effectiveness of Moving Target Defenses, p. 29. Springer, New York (2011)CrossRefGoogle Scholar
  6. 6.
    Feige, U.: A threshold of ln n for approximating set cover. J. ACM 45(4), 634–652 (1998)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Fisher, M.L., Nemhauser, G.L., Wolsey, L.A.: An Analysis of Approximations for Maximizing Submodular Set Functions–II. Springer, Heidelberg (1978) CrossRefGoogle Scholar
  8. 8.
    Jajodia, S., Ghosh, A.K., Subrahmanian, V.S., Swarup, V., Wang, C., Wang, X.S.: Moving Target Defense II: Application of Game Theory and Adversarial Modeling, Advances in Information Security, vol. 100, 1st edn. Springer, New York (2013) CrossRefGoogle Scholar
  9. 9.
    Jajodia, S., Ghosh, A.K., Swarup, V., Wang, C., Wang, X.S. (eds.): Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, Advances in Information Security, vol. 54. Springer, New York (2011)Google Scholar
  10. 10.
    Manadhata, P.K., Wing, J.M.: An attack surface metric. IEEE Trans. Softw. Eng. 37(3), 371–386 (2011)CrossRefGoogle Scholar
  11. 11.
    Mirzasoleiman, B., Badanidiyuru, A., Karbasi, A., Vondrák, J., Krause, A.: Lazier than lazy greedy. In: AAAI, pp. 1812–1818 (2015)Google Scholar
  12. 12.
    Píbil, R., Lisý, V., Kiekintveld, C., Bošanský, B., Pěchouček, M.: Game theoretic model of strategic honeypot selection in computer networks. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 201–220. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  13. 13.
    Shakarian, P., Shakarian, J., Ruef, A.: Introduction to Cyber-Warfare: A Multidisciplinary Approach. Elsevier/Syngress, New York (2013) Google Scholar
  14. 14.
    Sweeney, P., Cybenko, G.: An analytic approach to cyber adversarial dynamics. In: SPIE Defense, Security, and Sensing, pp. 835906–835906. International Society for Optics and Photonics (2012)Google Scholar
  15. 15.
    Williamson, S.A., Varakantham, P., Hui, O.C., Gao, D.: Active malware analysis using stochastic games. In: Proceedings of the 11th International Conference on Autonomous Agents and Multiagent Systems, AAMAS 2012, vol. 1, pp. 29–36. International Foundation for Autonomous Agents and Multiagent Systems, Richland, SC (2012).

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Paulo Shakarian
    • 1
    Email author
  • Nimish Kulkarni
    • 1
  • Massimiliano Albanese
    • 2
  • Sushil Jajodia
    • 2
    • 3
  1. 1.Arizona State UniversityTempeUSA
  2. 2.George Mason UniversityFairfaxUSA
  3. 3.The MITRE CorporationMcleanUSA

Personalised recommendations