Hybrid Adversarial Defense: Merging Honeypots and Traditional Security Methods
V.S. Subrahmanian (Dartmouth), T. Chakraborty (IITD), S. Jajodia (George Mason), N. Parl (University of North Carolina), A. Pugliese (University of Calabria), E. Serra (Boise State)
- Past work on honeypot placement assumes that the only security measures being used are honeypots. But this is wrong.
- Given m honeypots and m traditional security software packages (e.g. firewalls, IDSs):
  - Where should the two types of security measures be deployed to maximize security?
  - How do we simultaneously patch and deactivate buggy software?
Key Science Methods & Advances
- Developed a Stackelberg-game model for the defender to model the attacker’s behavior.
- Developed Attacker Belief Evolution Trees that enable the defender to model the attacker’s beliefs.
- Showed that the problem of simultaneously placing both honeypots and traditional defenses is in EXPTIME and is NP-hard.
- Developed both the H_Exact and H_Greedy algorithms to find the best solution and a fast, but suboptimal solution, respectively.
- Implemented both algorithms.
Results & Impacts
- H_Greedy is guaranteed to produce an approximate solution in polynomial time.
- Experiments show that H_Greedy works very well, producing solutions that protect the network 93-98% as well as the optimal solution would, while usually taking less than half the time to run.