Abstract: Due to traditional network topologies’ static and homomorphic characteristics, attackers can rapidly expand their attack results through lateral movement (LM) attacks. Virtual Network View technology has emerged as an effective approach to disrupt attackers’ ability to detect and exploit network topologies during LM and can increase the difficulty of malicious activities. However, existing Virtual Network View approaches deploy virtual views for each core asset, which wastes resources. To alleviate this problem, we propose a lightweight Virtual Network View deployment method called LWVN. First, the Location Centrality (LC) of the network nodes in the attack path is measured; the larger a node’s LC, the more important the node is and the more virtual network view cost we can invest in it. To further quantify the comprehensive impact of network nodes’ location centrality on high-value assets, we quantify the Assets’ Value (AV). Then, we model internal network risk and operational costs as constraints and find the optimal strategies for deploying a virtual network view. We define metrics for hidden capacity, detect capacity, and deployment cost to measure the effectiveness of virtual network view deployment. We conduct simulations to verify the effectiveness and feasibility of LWVN.