A Game Theoretic Approach to Strategy Generation for Moving Target Defense in Web Applications

机译：Web应用中移动目标防御的战略生成的游戏理论方法

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

The present complexity in designing web applications makes software security a difficult goal to achieve. An attacker can explore a deployed service on the web and attack at his/her own leisure. Moving Target Defense (MTD) in web applications is an effective mechanism to nullify this advantage of their reconnaissance but the framework demands a good switching strategy when switching between multiple configurations for its web-stack. To address this issue, we propose the modeling of a real world MTD web application as a repeated Bayesian game. We formulate an optimization problem that generates an effective switching strategy while considering the cost of switching between different web-stack configurations. To use this model for a developed MTD system, we develop an automated system for generating attack sets of Common Vulnerabilities and Exposures (CVEs) for input attacker types with predefined capabilities Our framework obtains realistic reward values for the players (defenders and attackers) in this game by using security domain expertise on CVEs obtained from the National Vulnerability Database (NVD). We also address the issue of prioritizing vulnerabilities that when fixed, improves the security of the MTD system. Lastly, we demonstrate the robustness of our proposed model by evaluating its performance when there is uncertainty about input attacker information.

机译：设计Web应用程序的目前复杂性使软件安全成为实现的难度目标。攻击者可以探索网络上的部署服务并攻击他/她自己的休闲。在Web应用程序中移动目标防御（MTD）是一种有效的机制，可以实现其侦察的这种优势，但框架在其Web堆栈之间切换多个配置之间需要良好的切换策略。为了解决这个问题，我们建议将真实世界MTD Web应用程序的建模为重复的贝叶斯游戏。我们制定了一个优化问题，它在考虑在不同的Web堆叠配置之间切换的成本，产生有效的交换策略。要将此模型用于开发的MTD系统，我们开发了一种自动化系统，用于生成常见漏洞和曝光（CVES）的攻击组，用于输入攻击者类型，具有预定义的功能我们的框架在此获得播放器（防御者和攻击者）的现实奖励价值游戏通过在国家漏洞数据库（NVD）中获得的CVES上使用安全域专业知识。我们还解决了优先顺序漏洞的问题，即修复时，提高了MTD系统的安全性。最后，我们通过评估输入攻击者信息的不确定性时，通过评估其性能来展示我们提出的模型的鲁棒性。

著录项

来源
《International Conference on Autonomous Agents and Multiagent Systems》|2018年|641p|共9页
会议地点
作者
Sailik Sengupta; Satya Gautam Vadlamudi; Subbarao Kambhampati; Adam Doupe; Ziming Zhao; Marthony Taguinod; Gail-Joon Ahn;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP18-53;
关键词

相似文献

外文文献
中文文献
专利

1. Incomplete information Markov game theoretic approach to strategy generation for moving target defense [J] . Lei Cheng, Zhang Hong-Qi, Wan Li-Ming, Computer Communications . 2018,第JANa期

机译：信息不完全的马尔可夫博弈理论用于运动目标防御的策略生成。
2. Optimal temporospatial strategy selection approach to moving target defense: A FlipIt differential game model [J] . Jinglei Tan, Hengwei Zhang, Hongqi Zhang, Computers & Security . 2021,第Sepa期

机译：移动目标防御的最佳间隙策略选择方法：一款四维差分游戏模型
3. Optimal strategy selection approach to moving target defense based on Markov robust game [J] . Tan Jing-lei, Lei Cheng, Zhang Hong-qi, Computers & Security . 2019,第AUGa期

机译：基于马尔可夫鲁棒博弈的运动目标防御最优策略选择方法
4. A Game Theoretic Approach to Strategy Generation for Moving Target Defense in Web Applications [C] . Sailik Sengupta, Satya Gautam Vadlamudi, Subbarao Kambhampati, International Conference on Autonomous Agents and Multiagent Systems . 2018

机译：Web应用中移动目标防御的战略生成的游戏理论方法
5. Thimblerig: Architectural Moving Target Defense and a Framework for Its Game Theoretic Analysis [D] . Kumar, Gautam. 2017

机译：Thimblerig：建筑移动目标防御及其博弈论分析框架
6. Noncompliance With Safety Guidelines as a Free-Riding Strategy: An Evolutionary Game-Theoretic Approach to Cooperation During the COVID-19 Pandemic [O] . Jose C. Yong, Bryan K. C. Choy 2021

机译：与搭便车策略的安全指南不合规：在Covid-19大流行期间的合作进化游戏方法
7. Optimal Timing Selection Approach to Moving Target Defense: A FlipIt Attack-Defense Game Model [O] . Jing-lei Tan, Heng-wei Zhang, Hong-qi Zhang, 2020

机译：移动目标防御的最佳定时选择方法：一只触发防御游戏模型
8. Simple Game-Theoretic Approach to Suppression of Enemy Defenses and Other Time Critical Target Analyses [R] . Hamilton, T. , Mesic, R. 2004

机译：简单的游戏理论方法来抑制敌人防御和其他时间关键目标分析

A Game Theoretic Approach to Strategy Generation for Moving Target Defense in Web Applications

摘要

著录项

相似文献

相关主题

期刊订阅