Abstract: This paper studies the joint deployment of moving target defense (MTD) and deception against multi-stage cyber-attacks. Given a system equipped with MTD that randomizes between different configurations, we investigate how to allocate a bounded number of sensors in each configuration to optimize the probability of detecting the attack before the attacker achieves its objective. Specifically, two types of sensors are considered: intrusion detectors that are observable to the attacker and stealthy sensors that are not observable to the attacker. We propose a two-step optimization-based approach. First, the defender allocates intrusion detectors assuming the attacker will best respond to evade detection. Second, the defender allocates stealthy sensors, given the best response attack strategy computed in the first step, to further reduce the attacker’s chance of success. We illustrate the effectiveness of the proposed methods using a cyber defense example.