# Attack Graph Obfuscation

**Authors:** Rami Puzis, Hadar Polad, Bracha Shapira

arXiv: 1903.02601 · 2019-03-08

## TL;DR

This paper explores the use of fake vulnerabilities in enterprise networks to deceive attackers, increasing their effort and reducing the likelihood of successful attacks by manipulating attack graph models.

## Contribution

It introduces a method to optimize fake vulnerability placement using combinatorial optimization and demonstrates its effectiveness in a large-scale real network.

## Key findings

- Fake vulnerabilities increase attacker effort and cost.
- Optimized placement of fake vulnerabilities is feasible and effective.
- Deception-based defense can significantly slow down lateral movement.

## Abstract

Before executing an attack, adversaries usually explore the victim's network in an attempt to infer the network topology and identify vulnerabilities in the victim's servers and personal computers. Falsifying the information collected by the adversary post penetration may significantly slower lateral movement and increase the amount of noise generated within the victim's network. We investigate the effect of fake vulnerabilities within a real enterprise network on the attacker performance. We use the attack graphs to model the path of an attacker making its way towards a target in a given network. We use combinatorial optimization in order to find the optimal assignments of fake vulnerabilities. We demonstrate the feasibility of our deception-based defense by presenting results of experiments with a large scale real network. We show that adding fake vulnerabilities forces the adversary to invest a significant amount of effort, in terms of time and exploitability cost.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1903.02601/full.md

## Figures

20 figures with captions in the complete paper: https://tomesphere.com/paper/1903.02601/full.md

## References

54 references — full list in the complete paper: https://tomesphere.com/paper/1903.02601/full.md

---
Source: https://tomesphere.com/paper/1903.02601