Synthesis of Proactive Sensor Placement In Probabilistic Attack Graphs

This paper studies the deployment of joint moving target defense (MTD) and deception against multi-stage cyberattacks. Given the system equipped with MTD that randomizes between different configurations, we investigate how to allocate a bounded number of sensors in each configuration to optimize the attack detection rate before the attacker achieves its objective. Specifically, two types of sensors are considered: intrusion detectors that are observable by the attacker and stealthy sensors that are not observable to the attacker. We propose a two-step optimization-based approach for allocating intrusion detectors and stealthy sensors: Firstly, the defender allocates intrusion detectors assuming the attacker will best respond to evade detection by intrusion detectors. Secondly, the defender will allocate stealthy sensors, given the best response attack strategy computed in the first step, to further reduce the attacker's chance of success. We illustrate the effectiveness of the proposed methods using a cyber defense example.