# Keeping Intruders at Bay: A Graph-theoretic Approach to Reducing the Probability of Successful Network Intrusions

## Abstract

It is well known that not all intrusions can be prevented and that additional lines of defense are needed to deal with intruders. However, most current approaches use honeynets, relying on the assumption that simply attracting intruders into honeypots will thwart the attack. In this chapter, we propose a different and more realistic approach, which aims at delaying intrusions so as to control the probability that an intruder will reach a certain goal within a specified amount of time. Our method relies on analyzing a graphical representation of the computer network’s logical layout and an associated probabilistic model of the adversary’s behavior. We then artificially modify this representation by adding “distraction clusters” – collections of interconnected virtual machines – at key points of the network in order to increase complexity for the intruders and delay the intrusion. We study this problem formally, showing it to be NP-hard, and then provide an approximation algorithm that exhibits several useful properties. Finally, we compare a recent approach for selecting a subset of distraction clusters with our prototype implementation of the proposed framework and present experimental results.

## Keywords

Moving target defense, Adversarial modeling, Graph theory