# Keeping Intruders at Large - A Graph-theoretic Approach to Reducing the Probability of Successful Network Intrusions

### Paulo Shakarian, Damon Paulo, Massimiliano Albanese, Sushil Jajodia

#### Abstract

It is well known that not all intrusions can be prevented and additional lines of defense are needed to deal with intruders. However, most current approaches use honeynets relying on the assumption that simply attracting intruders into honeypots would thwart the attack. In this paper, we propose a different and more realistic approach, which aims at delaying intrusions, so as to control the probability that an intruder will reach a certain goal within a specified amount of time. Our method relies on analyzing a graphical representation of the computer network’s logical layout and an associated probabilistic model of the adversary’s behavior. We then artificially modify this representation by adding “distraction clusters” – collections of interconnected virtual machines – at key points of the network in order to increase complexity for the intruders and delay the intrusion. We study this problem formally, showing it to be NP-hard, and then provide an approximation algorithm that exhibits several useful properties. Finally, we present experimental results obtained on a prototype implementation of the proposed framework.
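The following Python is an added illustration of the idea in the abstract and is not code from the paper or its authors. It uses a small constructed network, an assumed adversary model (a uniform random walk over neighbouring hosts, one hop per time unit, stopping at the goal), and shows how attaching a clique of virtual machines lowers the probability that the intruder reaches the protected asset within a time horizon. The `greedy_placement` heuristic is a simple stand-in for the notion of placing clusters at "key points"; it is not the approximation algorithm from the paper.

```python
from fractions import Fraction

# Constructed example layout (not from the paper): undirected logical
# topology as adjacency lists. The intruder enters at "entry"; "db" is the
# asset whose compromise we want to delay.
BASE_NETWORK = {
    "entry": ["web"],
    "web": ["entry", "app"],
    "app": ["web", "db"],
    "db": ["app"],
}


def reach_probability(graph, start, goal, horizon):
    """Probability that the intruder reaches `goal` within `horizon` hops.

    Adversary model (an assumption made for this example): from each host the
    intruder moves to a uniformly chosen neighbour, one hop per time unit, and
    stops once the goal is reached. Probability mass is propagated exactly with
    Fractions, so the result involves no simulation noise.
    """
    if start == goal:
        return Fraction(1)
    dist = {start: Fraction(1)}   # current position distribution of the intruder
    reached = Fraction(0)         # mass already absorbed at the goal
    for _ in range(horizon):
        nxt = {}
        for node, p in dist.items():
            nbrs = graph[node]
            if not nbrs:          # dead end: the intruder stays put
                nxt[node] = nxt.get(node, Fraction(0)) + p
                continue
            share = p / len(nbrs)
            for m in nbrs:
                if m == goal:
                    reached += share
                else:
                    nxt[m] = nxt.get(m, Fraction(0)) + share
        dist = nxt
    return reached


def add_distraction_cluster(graph, attach_to, size, prefix="vm"):
    """Return a copy of `graph` with a clique of `size` virtual machines
    attached to `attach_to`. Clique members connect to each other and to the
    attach point, so an intruder who wanders in needs time to wander out."""
    g = {n: list(nb) for n, nb in graph.items()}
    names = [f"{prefix}{len(g)}_{i}" for i in range(size)]  # unique per call
    for v in names:
        g[v] = [attach_to] + [u for u in names if u != v]
        g[attach_to].append(v)
    return g


def greedy_placement(graph, start, goal, horizon, budget, size):
    """Attach `budget` clusters one at a time, each at the original host where
    it lowers the reach probability the most. A plain greedy heuristic used to
    illustrate "key points"; not the paper's algorithm."""
    g = graph
    placed = []
    for _ in range(budget):
        best = None
        for cand in graph:            # only original hosts can host a cluster
            if cand in (start, goal):
                continue
            trial = add_distraction_cluster(g, cand, size)
            p = reach_probability(trial, start, goal, horizon)
            if best is None or p < best[0]:
                best = (p, cand, trial)
        _, cand, g = best
        placed.append(cand)
    return placed, g


if __name__ == "__main__":
    T = 5
    before = reach_probability(BASE_NETWORK, "entry", "db", T)
    placed, hardened = greedy_placement(BASE_NETWORK, "entry", "db", T, budget=1, size=3)
    after = reach_probability(hardened, "entry", "db", T)
    print(f"P(reach db within {T} hops): {before} -> {after}; clusters at {placed}")
```

Because the propagation is exact, the before/after probabilities can be compared for a fixed horizon without Monte Carlo variance, which makes the function usable as an objective inside a placement search. On the three-hop horizon the constructed network gives 1/4 before and 1/8 after one two-machine cluster is attached to either intermediate host.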


#### Paper Citation

#### in Harvard Style

Shakarian P., Paulo D., Albanese M. and Jajodia S. (2014). **Keeping Intruders at Large - A Graph-theoretic Approach to Reducing the Probability of Successful Network Intrusions**. In *Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)*, ISBN 978-989-758-045-1, pages 19-30. DOI: 10.5220/0005013800190030

#### in Bibtex Style

```bibtex
@conference{secrypt14,
  author={Paulo Shakarian and Damon Paulo and Massimiliano Albanese and Sushil Jajodia},
  title={Keeping Intruders at Large - A Graph-theoretic Approach to Reducing the Probability of Successful Network Intrusions},
  booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},
  year={2014},
  pages={19-30},
  publisher={SciTePress},
  organization={INSTICC},
  doi={10.5220/0005013800190030},
  isbn={978-989-758-045-1},
}
```

#### in EndNote Style

```text
TY  - CONF
JO  - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI  - Keeping Intruders at Large - A Graph-theoretic Approach to Reducing the Probability of Successful Network Intrusions
SN  - 978-989-758-045-1
AU  - Shakarian P.
AU  - Paulo D.
AU  - Albanese M.
AU  - Jajodia S.
PY  - 2014
SP  - 19
EP  - 30
DO  - 10.5220/0005013800190030
```