A Proactive Decoy Selection Scheme for Cyber Deception using MITRE ATT&CK
arXiv (2024)
Abstract
Cyber deception compensates for the late response of defensive countermeasures
to the ever-evolving tactics, techniques, and procedures (TTPs) of attackers.
This proactive defense strategy employs decoys that resemble legitimate system
components to lure stealthy attackers within the defender's environment,
slowing and/or denying the accomplishment of their goals. In this regard,
selecting decoys that can expose the techniques used by malicious users plays a
central role in incentivizing their engagement. However, this is a difficult
task to achieve in practice, since it requires an accurate and realistic
modeling of the attacker's capabilities and possible targets. In this work, we
tackle this challenge and design a decoy selection scheme supported by an
adversarial model based on empirical observation of real-world attackers. We
take advantage of a domain-specific threat modeling language that uses the
MITRE ATT&CK framework as the source of attacker TTPs targeting enterprise
systems. In detail, we extract the information about the execution
preconditions of each technique as well as its possible effects on the
environment to generate attack graphs modeling the adversary's capabilities.
Based on this, we formulate a graph partition problem that minimizes the number
of decoys detecting a corresponding number of techniques employed in various
attack paths directed to specific targets. We compare our optimization-based
decoy selection approach against several benchmark schemes that ignore the
preconditions between the various attack steps. Results reveal that the
proposed scheme provides the highest interception rate of attack paths using
the fewest decoys.
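The abstract describes three steps: deriving an attack graph from the execution preconditions and effects of each ATT&CK technique, enumerating attack paths to a target, and choosing the smallest decoy set that intercepts those paths, compared against benchmarks that ignore preconditions. The following is an added illustration written for this page, not the authors' code or data. The technique IDs are real ATT&CK IDs, but the precondition and effect predicates attached to them, the initial state and the target are a constructed toy model; the exhaustive minimum hitting set stands in for the paper's graph partition formulation, and the degree-ranked benchmark is one possible precondition-agnostic scheme, not one the paper names.

```python
"""Decoy selection over a precondition-based attack graph (added example).

Technique IDs are real ATT&CK IDs; the preconditions/effects below are a
constructed toy model chosen for illustration, not ATT&CK data.
"""
from itertools import combinations

# Constructed catalog: technique -> (preconditions, effects) over capability predicates.
TECHNIQUES = {
    "T1566": ({"external"}, {"foothold"}),    # Phishing
    "T1190": ({"external"}, {"foothold"}),    # Exploit Public-Facing Application
    "T1059": ({"foothold"}, {"exec"}),        # Command and Scripting Interpreter
    "T1552": ({"foothold"}, {"creds"}),       # Unsecured Credentials
    "T1003": ({"exec"}, {"creds"}),           # OS Credential Dumping
    "T1078": ({"creds"}, {"domain_user"}),    # Valid Accounts
    "T1021": ({"domain_user"}, {"server"}),   # Remote Services
    "T1210": ({"exec"}, {"server"}),          # Exploitation of Remote Services
    "T1005": ({"server"}, {"data"}),          # Data from Local System (reaches the target)
    # Discovery techniques: well connected in the graph, but never lead to the target.
    "T1082": ({"foothold"}, {"hostinfo"}),    # System Information Discovery
    "T1518": ({"hostinfo"}, {"appinfo"}),     # Software Discovery
    "T1083": ({"hostinfo"}, {"fileinfo"}),    # File and Directory Discovery
    "T1057": ({"hostinfo"}, {"procinfo"}),    # Process Discovery
}
INITIAL = frozenset({"external"})   # what the adversary has before any technique
TARGET = "data"                     # the asset the defender wants to protect


def enables(a, b, techniques=TECHNIQUES):
    """Attack-graph edge a -> b: a produces a precondition that b consumes."""
    return bool(techniques[a][1] & techniques[b][0])


def attack_paths(techniques=TECHNIQUES, initial=INITIAL, target=TARGET):
    """All simple technique sequences from an entry technique to one that yields the
    target, where each step's preconditions are met by the effects gathered so far."""
    paths = []

    def walk(state, path):
        last = path[-1]
        if target in techniques[last][1]:
            paths.append(tuple(path))
            return
        for nxt, (pre, post) in techniques.items():
            if nxt not in path and enables(last, nxt, techniques) and pre <= state:
                walk(state | post, path + [nxt])

    for entry, (pre, post) in techniques.items():
        if pre <= initial:
            walk(initial | post, [entry])
    return paths


def interception_rate(paths, decoys):
    """Fraction of attack paths that pass through at least one decoy-monitored technique."""
    hit = sum(1 for p in paths if any(t in decoys for t in p))
    return hit / len(paths) if paths else 0.0


def optimal_decoys(paths, candidates):
    """Smallest candidate subset intercepting every path (minimum hitting set).
    Exhaustive search: fine for a toy graph, not a substitute for the paper's formulation."""
    candidates = sorted(candidates)
    for k in range(1, len(candidates) + 1):
        for subset in combinations(candidates, k):
            if interception_rate(paths, set(subset)) == 1.0:
                return set(subset)
    return set(candidates)


def degree_decoys(candidates, k, techniques=TECHNIQUES):
    """Benchmark that ignores the path structure: take the k best-connected techniques,
    whether or not they lie on any path to the target."""
    degree = {t: sum(enables(t, o, techniques) or enables(o, t, techniques)
                     for o in techniques if o != t) for t in candidates}
    ranked = sorted(candidates, key=lambda t: (-degree[t], t))
    return set(ranked[:k])


if __name__ == "__main__":
    paths = attack_paths()
    # Decoys must trigger before the final step, so techniques yielding the target are excluded.
    candidates = [t for t in TECHNIQUES if TARGET not in TECHNIQUES[t][1]]
    opt = optimal_decoys(paths, candidates)
    bench = degree_decoys(candidates, len(opt))
    print(f"{len(paths)} attack paths to '{TARGET}'")
    print(f"optimal   {sorted(opt)} intercepts {interception_rate(paths, opt):.2f}")
    print(f"benchmark {sorted(bench)} intercepts {interception_rate(paths, bench):.2f}")
```

On this toy model the precondition-aware selection intercepts all six paths with two decoys, while the degree-ranked benchmark spends one of its two decoys on a discovery technique that no path to the target uses and therefore misses a third of the paths at the same budget. That is the mechanism behind the abstract's claim: without preconditions a benchmark cannot tell which techniques actually sit on paths to the protected asset.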