This paper studies the deployment of joint moving target defense (MTD) and deception against multi-stage cyberattacks. Given a system equipped with MTD that randomizes between different configurations, we investigate how to allocate a bounded number of sensors in each configuration to optimize the attack detection rate before the attacker achieves its objective. Specifically, two types of sensors are considered: intrusion detectors that are observable by the attacker and stealthy sensors that are not observable to the attacker. We propose a two-step optimization-based approach for allocating intrusion detectors and stealthy sensors. First, the defender allocates intrusion detectors assuming the attacker will best respond to evade detection by intrusion detectors. Second, the defender allocates stealthy sensors, given the best-response attack strategy computed in the first step, to further reduce the attacker's chance of success. We illustrate the effectiveness of the proposed methods using a cyber defense example.
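The two-step allocation described above, as an added toy example that is not the paper's formulation or code: it brute-forces a constructed model in which the attacker commits to one path knowing the detector placement and the MTD distribution but not the active configuration. The paths, node names, configuration probabilities and detection rates are all assumptions.

```python
from itertools import combinations, product

# Constructed toy model (not from the paper): attack paths as node sequences,
# MTD configurations with activation probabilities, per-sensor detection rates.
PATHS = {"web": ["dmz", "app", "db"], "vpn": ["gw", "app", "db"], "phish": ["ws", "fs", "db"]}
CONFIGS = {"c1": 0.6, "c2": 0.4}
NODES = sorted({n for p in PATHS.values() for n in p} - {"db"})  # db is the target
Q_IDS, Q_STEALTH = 0.7, 0.5

def detect_prob(path, ids, stealth=None):
    """Expected probability the attacker is detected before finishing `path`."""
    total = 0.0
    for cfg, p_cfg in CONFIGS.items():
        miss = 1.0  # probability that every sensor on the path misses
        for node in PATHS[path]:
            if node in ids[cfg]:
                miss *= 1 - Q_IDS
            if stealth and node in stealth[cfg]:
                miss *= 1 - Q_STEALTH
        total += p_cfg * (1 - miss)
    return total

def allocations(k):
    """Every way to place exactly k sensors in each configuration."""
    per_cfg = list(combinations(NODES, k))
    for choice in product(per_cfg, repeat=len(CONFIGS)):
        yield dict(zip(CONFIGS, map(set, choice)))

def best_response(ids):
    """The attacker sees the intrusion detectors and takes the least-detected path."""
    return min(sorted(PATHS), key=lambda p: detect_prob(p, ids))

def allocate_ids(k):
    """Step 1: maximize detection on the attacker's best-response path."""
    return max(allocations(k), key=lambda a: detect_prob(best_response(a), a))

def allocate_stealth(ids, path, m):
    """Step 2: the attacker cannot see these, so the path from step 1 stays fixed."""
    return max(allocations(m), key=lambda s: detect_prob(path, ids, s))

def solve(k=1, m=1):
    ids = allocate_ids(k)
    path = best_response(ids)
    stealth = allocate_stealth(ids, path, m)
    return ids, path, stealth, detect_prob(path, ids), detect_prob(path, ids, stealth)

if __name__ == "__main__":
    print(solve())
```

With one sensor of each kind per configuration, the observable detectors alone cap the evading attacker's detection rate at 0.28, and the stealthy sensors placed on the chosen path raise it to 0.64.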