Cyber deception can be a valuable addition to traditional cyber defense mechanisms, especially in modern cloud-native environments where the security perimeter is fading. However, the pre-built decoys used in classical computer networks are not effective at detecting and mitigating malicious actors, because they cannot blend in with the variety of applications found in such environments. On the other hand, decoys that clone the deployed microservices of an application can offer a high-fidelity deception mechanism for intercepting ongoing attacks within production environments. To fully benefit from this approach, however, it is essential to use a limited amount of decoy resources and to devise a suitable cloning strategy that minimizes the impact on the performance of legitimate services. Following this observation, we formulate a non-linear integer optimization problem that maximizes the number of attack paths intercepted by the allocated decoys within a fixed resource budget. Attack paths represent the attacker's movements within the infrastructure as sequences of compromised microservices. We also design a heuristic decoy placement algorithm that approximates the optimal solution and overcomes the computational complexity of the proposed formulation. We evaluate the performance of the optimal and heuristic solutions against other schemes that use local vulnerability metrics to select which microservices to clone as decoys. Our results show that the proposed allocation strategy intercepts a higher number of attack paths than these schemes while requiring approximately the same number of decoys.
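The abstract contrasts a budget-constrained, path-aware decoy placement with schemes that rank microservices by a local vulnerability score. The following added example (written for this page, not code from the paper or its authors) illustrates that contrast on a constructed toy instance: a handful of microservices with an assumed decoy cost and an assumed vulnerability score, a list of constructed attack paths, a greedy cost-aware placement that picks the clone giving the most newly intercepted paths per unit of budget, a brute-force search for the true optimum on this tiny instance, and the vulnerability-ranked baseline. The service names, costs, scores, paths and the specific greedy rule are all assumptions for illustration; the paper's actual formulation and heuristic are not on the page.

```python
"""Budget-constrained decoy placement over attack paths (illustrative example)."""
from itertools import combinations
from typing import Dict, FrozenSet, Sequence, Set, Tuple

# Constructed sample: each microservice has an assumed decoy cost (e.g. resource
# units one clone consumes) and an assumed local vulnerability score (0-10).
SERVICES: Dict[str, Dict[str, float]] = {
    "gateway": {"cost": 2, "vuln": 7.5},
    "auth": {"cost": 1, "vuln": 9.1},
    "catalog": {"cost": 1, "vuln": 4.0},
    "cart": {"cost": 1, "vuln": 6.2},
    "payment": {"cost": 3, "vuln": 8.8},
    "db": {"cost": 2, "vuln": 5.5},
}

# Constructed attack paths: ordered sequences of microservices an attacker would
# compromise in turn. A path counts as intercepted when any service on it has a
# decoy clone (the assumption being that the attacker cannot tell clone from original).
ATTACK_PATHS: Sequence[Tuple[str, ...]] = [
    ("gateway", "catalog", "db"),
    ("gateway", "cart", "payment"),
    ("gateway", "auth", "payment", "db"),
    ("auth", "db"),
    ("catalog", "cart"),
    ("gateway", "catalog", "cart", "payment"),
]


def intercepted(paths: Sequence[Tuple[str, ...]], decoys: Set[str]) -> int:
    """Number of attack paths that touch at least one decoyed microservice."""
    return sum(1 for path in paths if any(svc in decoys for svc in path))


def greedy_placement(services, paths, budget: int) -> Tuple[Set[str], int]:
    """Assumed heuristic: repeatedly add the affordable clone with the best
    ratio of newly intercepted paths to decoy cost, until nothing helps."""
    decoys: Set[str] = set()
    spent = 0
    while True:
        base = intercepted(paths, decoys)
        best, best_gain = None, 0.0
        for name, attrs in services.items():
            if name in decoys or spent + attrs["cost"] > budget:
                continue
            gain = (intercepted(paths, decoys | {name}) - base) / attrs["cost"]
            if gain > best_gain:
                best, best_gain = name, gain
        if best is None:
            break
        decoys.add(best)
        spent += int(services[best]["cost"])
    return decoys, spent


def optimal_placement(services, paths, budget: int) -> Tuple[FrozenSet[str], int]:
    """Exhaustive search over all subsets; only feasible for a toy instance,
    which is exactly why a heuristic is needed at scale."""
    names = list(services)
    best_set, best_count, best_cost = frozenset(), 0, 0
    for k in range(len(names) + 1):
        for subset in combinations(names, k):
            cost = sum(int(services[n]["cost"]) for n in subset)
            if cost > budget:
                continue
            count = intercepted(paths, set(subset))
            if count > best_count or (count == best_count and cost < best_cost):
                best_set, best_count, best_cost = frozenset(subset), count, cost
    return best_set, best_count


def vulnerability_placement(services, paths, budget: int) -> Tuple[Set[str], int]:
    """Baseline: clone services in descending order of local vulnerability
    score, skipping any that no longer fit the budget. Ignores attack paths."""
    decoys: Set[str] = set()
    spent = 0
    for name, attrs in sorted(services.items(), key=lambda kv: -kv[1]["vuln"]):
        if spent + attrs["cost"] <= budget:
            decoys.add(name)
            spent += int(attrs["cost"])
    return decoys, spent


if __name__ == "__main__":
    budget = 3
    for label, fn in (("greedy", greedy_placement),
                      ("optimal", optimal_placement),
                      ("vuln-ranked", vulnerability_placement)):
        chosen, _ = fn(SERVICES, ATTACK_PATHS, budget)
        print(f"{label:12s} decoys={sorted(chosen)} "
              f"intercepted={intercepted(ATTACK_PATHS, set(chosen))}/{len(ATTACK_PATHS)}")
```

With a budget of 3 on this constructed instance, the greedy and exhaustive placements both intercept all six paths, whereas the vulnerability-ranked baseline spends the same budget on the two highest-scoring affordable services and leaves one path unintercepted. The point the abstract makes is exactly this: a local score does not know which services the attack paths actually share, so the same number of decoys covers less of the attacker's movement.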