Malicious attackers often scan nodes in a network in order to identify vulnerabilities that they may exploit as they traverse the network. In this paper, we propose that the system generates a mix of true and false answers in response to scan requests. If the attacker believes that all scan results are true, then he will be on a wrong path. If he believes some scan results are faked, he would have to expend time and effort in order to separate fact from fiction. We propose a probabilistic logic of deception and show that various computations are NP-hard. We model the attacker's state and show the effects of faked scan results. We then show how the defender can generate fake scan results in different states that minimize the damage the attacker can produce. We develop a Naive-PLD algorithm and a Fast-PLD heuristic algorithm for the defender to use and show experimentally that the latter performs well in a fraction of the run time of the former. We ran detailed experiments to assess the performance of these algorithms and further show that by running Fast-PLD off-line and storing the results, we can very efficiently answer run-time scan requests.
Number of pages: 13
Journal: IEEE Transactions on Information Forensics and Security
Publication status: Published - 2017 Nov
Bibliographical note
Funding Information:
Manuscript received November 30, 2016; accepted May 23, 2017. Date of publication June 1, 2017; date of current version July 26, 2017. This work was supported in part by ARO under Grant W911NF1410358, Grant W911NF1310421, and Grant W911NF1510576, in part by ONR under Grant N000141512742, Grant N000141512007, and Grant N000141612896 (any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the ONR), in part by MIUR under Grant PON03PE_00032_2, in part by EU H2020 Research and Innovation Program through the Marie Sklodowska-Curie under Grant N690974, and in part by CONICET, Agencia Nacional de Promoción Científica y Tecnológica, and Universidad Nacional del Sur, Argentina. The associate editor coordinating the review of this manuscript and approving it for publication was Dr. Sheng Zhong. (Corresponding author: Andrea Pugliese.) S. Jajodia is with George Mason University, Fairfax, VA 22030-4422 USA (e-mail: firstname.lastname@example.org).
All Science Journal Classification (ASJC) codes
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications