Evaluating Deception and Moving Target Defense with Network Attack Simulation
Daniel Reti, Karina Elzer, Daniel Fraunholz, Daniel Schneider, Hans-Dieter Schotten

TL;DR
This paper presents a simulation-based methodology to evaluate and optimize the deployment of honeypots and moving target defense strategies in network security, aiming to enhance attack detection and disruption efficiently.
Contribution
It introduces a quantitative evaluation framework for honeypots and moving target defense, providing guidelines for optimal deployment and configuration based on attacker and network models.
Findings
Optimal number of honeypots identified
Best network address mutation interval determined
Methodology enables resource-efficient attack disruption
Abstract
In the field of network security, with the ongoing arms race between attackers seeking new vulnerabilities to bypass defense mechanisms and defenders reinforcing their prevention, detection and response strategies, the novel concept of cyber deception has emerged. Starting from the well-known example of honeypots, many other deception strategies have been developed, such as honeytokens and moving target defense, all sharing the objective of creating uncertainty for attackers and increasing the chance of the attacker making mistakes. In this paper, a methodology to evaluate the effectiveness of honeypots and moving target defense in a network is presented. This methodology allows the effectiveness to be measured quantitatively in a simulation environment, allowing recommendations to be made on how many honeypots to deploy and on how quickly network addresses have to be mutated to effectively…
