Manipulating the attacker's view of a system's attack surface

机译：操纵攻击者对系统攻击表面的看法

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Cyber attacks are typically preceded by a reconnaissance phase in which attackers aim at collecting valuable information about the target system, including network topology, service dependencies, and unpatched vulnerabilities. Unfortunately, when system configurations are static, attackers will always be able, given enough time, to acquire accurate knowledge about the target system and engineer effective exploits. To address this important problem, many adaptive techniques have been devised to dynamically change some aspects of a system's configuration in order to introduce uncertainty for the attacker. In this paper, we advance the state of the art in adaptive defense by looking at the problem from a control perspective and proposing a graph-based approach to manipulate the attacker's view of a system's attack surface. To achieve this objective, we formalize the notion of system view and distance between views. We then define a principled approach to manipulate responses to attacker's probes so as to induce an external view of the system that satisfies certain desirable properties. In particular, we propose efficient algorithmic solutions to different classes of problems, namely (i) inducing an external view that is at a minimum distance from the internal view while minimizing the cost for the defender; (ii) inducing an external view that maximizes the distance from the internal view, given an upper bound on the admissible cost for the defender. Experiments conducted on a prototypal implementation of the proposed algorithms confirm that our approach is efficient and effective in steering the attackers away from critical resources.

机译：网络攻击通常在侦察阶段之前，其中攻击者的目标是收集有关目标系统的有价值的信息，包括网络拓扑，服务依赖性和未括的漏洞。遗憾的是，当系统配置静态时，攻击者将始终能够获得足够的时间，以获得关于目标系统和工程师有效利用的准确了解。为了解决这一重要问题，已经设计了许多自适应技术来动态改变系统配置的一些方面，以便为攻击者介绍不确定性。在本文中，我们通过从控制角度来看解决问题并提出基于图形的方法来操纵攻击者的系统攻击表面的视图，推进自适应防御状态。为了实现这一目标，我们将系统视图和视图之间距离的概念正式化。然后，我们定义了一个原理的方法来操纵对攻击者的探针的响应，以便诱导满足某些所需特性的系统的外观。特别是，我们向不同类别的问题提出了高效的算法解决方案，即（i）诱导与内部视图最小的外部视图，同时最小化防御者的成本; （ii）诱导外部视图，以使距离内部视图的距离最大化，给出了对后卫的可允许费用的上限。在拟议算法的原型实施上进行的实验证实，我们的方法是有效且有效地转向远离关键资源的攻击者。

著录项

来源
《IEEE Conference on Communications and Network Security》|2014年||共9页
会议地点
作者
Albanese Massimiliano; Battista Ermanno; Jajodia Sushil; Casola V.;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类通信;
关键词
IP networks; computer network security; adaptive defense; admissible cost; attacker probes; attacker view manipulation; control perspective; critical resources; cyber attacks; defender cost minimization; external view; graph-based approach; information collection; internal view; knowledge acquition; minimum distance; network topology; principled approach; reconnaissance phase; service dependencies; static system configurations; system attack surface; system view distance; target system; unpatched vulnerabilities; upper bound; Adaptive systems; Communication networks; Conferences; Operating systems; Probes; Security; Servers;

机译：IP网络;计算机网络安全;适应性防范;攻击者探测;攻击者视图操纵;控制视角;关键资源;网络攻击;外部视图;基于图形的方法;信息收集;内部视图;最小距离;网络拓扑;原理方法;侦察阶段;服务依赖性;静态系统配置;系统攻击表面;系统视图距离;目标系统;未被斑点的漏洞;上限;适应网络;通信网络;探索;探针;安全;服务器;

相似文献

外文文献
中文文献
专利

1. Network Attack Surface: Lifting the Concept of Attack Surface to the Network Level for Evaluating Networks’ Resilience Against Zero-Day Attacks [J] . Zhang Mengyuan, Wang Lingyu, Jajodia Sushil, IEEE transactions on dependable and secure computing . 2021,第1期

机译：网络攻击表面：将攻击面的概念提升到网络水平，以评估网络对零攻击的恢复力
2. An Overview on Denial-of-Service Attacks in Control Systems: Attack Models and Security Analyses [J] . Ahmet Cetinkaya, Hideaki Ishii, Tomohisa Hayakawa Entropy . 2019,第2期

机译：控制系统中的拒绝服务攻击概述：攻击模型和安全性分析
3. Dual antiplatelet therapy after stroke or transient ischaemic attack - how long to treat? The duration of aspirin plus clopidogrel in stroke or transient ischaemic attack: a systematic review and meta-analysis [J] . Ge F., Lin H., Liu Y., European journal of neurology: the official journal of the European Federation of Neurological Societies . 2016,第6期

机译：中风或短暂性脑缺血发作后双重抗血小板治疗-治疗多长时间？阿司匹林加氯吡格雷在中风或短暂性脑缺血发作中的持续时间：系统评价和荟萃分析
4. Manipulating the attacker's view of a system's attack surface [C] . Albanese Massimiliano, Battista Ermanno, Jajodia Sushil, IEEE Conference on Communications and Network Security . 2014

机译：操纵攻击者对系统攻击面的看法
5. Embedded Surface Attack on Multivariate Public Key Cryptosystems from Diophantine Equation [D] . Ren, Ai. 2019

机译：嵌入式对多变量公钥密码系统的衍生物从蒸氨定方程
6. Does the initiation of urate-lowering treatment during an acute gout attack prolong the current episode and precipitate recurrent attacks: a systematic literature review [O] . Fatma Eminaga, Jonathan Le-Carratt, Adrian Jones, -1

机译：系统性文献综述在急性痛风发作期间开始降低尿酸盐治疗是否会延长当前发作并加剧复发发作：系统的文献综述
7. Understanding Malicious Attacks Against Infrastructures - Overview on the Assessment and Management of Threats and Attacks to Industrial Control Systems [O] . VAMANU BOGDAN, MASERA Marcelo 2008

机译：了解对基础设施的恶意攻击-威胁和攻击对工业控制系统的评估和管理概述

Manipulating the attacker's view of a system's attack surface

摘要

著录项

相似文献

相关主题

期刊订阅