MultiRHM: Defeating multi-staged enterprise intrusion attacks through multi-dimensional and multi-parameter host identity anonymization

Advanced and persistent multi-staged intrusion attacks are usually conducted by elite well-resourced cyber threat actors with the goal of bypassing the defense-in-depth and zoning policies of enterprise networks and accessing critical internal assets which are embedded deep in the target network (Hutchins, Cloppert, Amin, et al., 2011, Wilkens, Ortmann, Haas, Vallentin, Fischer). Starting from an externally reachable host, these attacks compromise a chain of network hosts until they reach their targets. Each compromised host could provide attackers access to new systems and network zones, thus enabling them to intrude deeper into the network. While conventional detection-based mechanisms are necessary to defeat such attacks, they are not enough as they can be evaded by stealthy or zero-day attack techniques.