Optimizing Vulnerability-Driven Honey Traffic Using Game Theory
Enterprises are increasingly concerned about adversaries that slowly and
deliberately exploit resources over the course of months or even years. A key
step in this kill chain is network reconnaissance, which has historically been
active (e.g., network scans) and therefore detectable. However, new networking
technology increases the possibility of passive network reconnaissance, which
will be largely undetectable by defenders. In this paper, we propose Snaz, a
technique that uses deceptively crafted honey traffic to confound the knowledge
gained through passive network reconnaissance. We present a two-player
non-zero-sum Stackelberg game model that characterizes how a defender should
deploy honey traffic in the presence of an adversary who is aware of Snaz. In
doing so, we demonstrate the existence of optimal defender strategies that will
either dissuade an adversary from acting on the existence of real
vulnerabilities observed within network traffic, or reveal the adversary's
presence when it attempts to unknowingly attack an intrusion detection node