In the field of network security, an ongoing arms race pits attackers, who seek new vulnerabilities to bypass defense mechanisms, against defenders, who reinforce their prevention, detection and response strategies. Out of this arms race, the novel concept of cyber deception has emerged. Starting from the well-known example of honeypots, many other deception strategies have been developed, such as honeytokens and moving target defense, all sharing the objective of creating uncertainty for attackers and increasing the chance that the attacker makes mistakes. In this paper, a methodology to evaluate the effectiveness of honeypots and moving target defense in a network is presented. This methodology makes it possible to measure the effectiveness quantitatively in a simulation environment, and to make recommendations on how many honeypots to deploy and on how quickly network addresses have to be mutated to effectively disrupt an attack in multiple network and attacker configurations. With this optimum, attacks can be detected and slowed down with minimal resource and configuration overhead. With the provided methodology, the optimal number of honeypots to be deployed and the optimal network address mutation interval can be determined. Furthermore, this work provides guidance on how to optimally deploy and configure them with respect to the attacker model and several network parameters.