A Probabilistic Logic of Cyber Deception

Sushil Jajodia; Noseong Park; Fabio Pierazzi; Andrea Pugliese; Edoardo Serra; Gerardo Simari; V. S. Subrahmanian

doi:10.1109/TIFS.2017.2710945

A Probabilistic Logic of Cyber Deception

Sushil Jajodia, Noseong Park, Fabio Pierazzi, Andrea Pugliese^*, Edoardo Serra, Gerardo Simari, V. S. Subrahmanian

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

42 Citations (Scopus)

341 Downloads (Pure)

Abstract

Malicious attackers often scan nodes in a network in order to identify vulnerabilities that they may exploit as they traverse the network. In this paper, we propose that the system generates a mix of true and false answers in response to scan requests. If the attacker believes that all scan results are true, then he will be on a wrong path. If he believes some scan results are faked, he would have to expend time and effort in order to separate fact from fiction. We propose a probabilistic logic of deception and show that various computations are NP-hard. We model the attacker's state and show the effects of faked scan results. We then show how the defender can generate fake scan results in different states that minimize the damage the attacker can produce. We develop a Naive-PLD algorithm and a Fast-PLD heuristic algorithm for the defender to use and show experimentally that the latter performs well in a fraction of the run time of the former. We ran detailed experiments to assess the performance of these algorithms and further show that by running Fast-PLD off-line and storing the results, we can very efficiently answer run-time scan requests.

Original language	English
Article number	7937934
Pages (from-to)	2532-2544
Number of pages	13
Journal	IEEE Transactions on Information Forensics and Security
Volume	12
Issue number	11
Early online date	20 Jun 2017
DOIs	https://doi.org/10.1109/TIFS.2017.2710945
Publication status	Published - 1 Nov 2017

Keywords

Computational and artificial intelligence
computer networks
computer security
logic-probabilistic logic
network security

Access to Document

10.1109/TIFS.2017.2710945

A Probabilistic Logic of_JAJODIA_Accepted23May2017Publishedonline20June2017_GREEN AAM
(©2017 IEEE))
Accepted author manuscript, 726 KB

Cite this

@article{30921bf0e2324fdc886313bd47344d44,

title = "A Probabilistic Logic of Cyber Deception",

abstract = "Malicious attackers often scan nodes in a network in order to identify vulnerabilities that they may exploit as they traverse the network. In this paper, we propose that the system generates a mix of true and false answers in response to scan requests. If the attacker believes that all scan results are true, then he will be on a wrong path. If he believes some scan results are faked, he would have to expend time and effort in order to separate fact from fiction. We propose a probabilistic logic of deception and show that various computations are NP-hard. We model the attacker's state and show the effects of faked scan results. We then show how the defender can generate fake scan results in different states that minimize the damage the attacker can produce. We develop a Naive-PLD algorithm and a Fast-PLD heuristic algorithm for the defender to use and show experimentally that the latter performs well in a fraction of the run time of the former. We ran detailed experiments to assess the performance of these algorithms and further show that by running Fast-PLD off-line and storing the results, we can very efficiently answer run-time scan requests.",

keywords = "Computational and artificial intelligence, computer networks, computer security, logic-probabilistic logic, network security",

author = "Sushil Jajodia and Noseong Park and Fabio Pierazzi and Andrea Pugliese and Edoardo Serra and Gerardo Simari and Subrahmanian, {V. S.}",

year = "2017",

month = nov,

day = "1",

doi = "10.1109/TIFS.2017.2710945",

language = "English",

volume = "12",

pages = "2532--2544",

journal = "IEEE Transactions on Information Forensics and Security",

issn = "1556-6013",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "11",

}

TY - JOUR

T1 - A Probabilistic Logic of Cyber Deception

AU - Jajodia, Sushil

AU - Park, Noseong

AU - Pierazzi, Fabio

AU - Pugliese, Andrea

AU - Serra, Edoardo

AU - Simari, Gerardo

AU - Subrahmanian, V. S.

PY - 2017/11/1

Y1 - 2017/11/1

N2 - Malicious attackers often scan nodes in a network in order to identify vulnerabilities that they may exploit as they traverse the network. In this paper, we propose that the system generates a mix of true and false answers in response to scan requests. If the attacker believes that all scan results are true, then he will be on a wrong path. If he believes some scan results are faked, he would have to expend time and effort in order to separate fact from fiction. We propose a probabilistic logic of deception and show that various computations are NP-hard. We model the attacker's state and show the effects of faked scan results. We then show how the defender can generate fake scan results in different states that minimize the damage the attacker can produce. We develop a Naive-PLD algorithm and a Fast-PLD heuristic algorithm for the defender to use and show experimentally that the latter performs well in a fraction of the run time of the former. We ran detailed experiments to assess the performance of these algorithms and further show that by running Fast-PLD off-line and storing the results, we can very efficiently answer run-time scan requests.

AB - Malicious attackers often scan nodes in a network in order to identify vulnerabilities that they may exploit as they traverse the network. In this paper, we propose that the system generates a mix of true and false answers in response to scan requests. If the attacker believes that all scan results are true, then he will be on a wrong path. If he believes some scan results are faked, he would have to expend time and effort in order to separate fact from fiction. We propose a probabilistic logic of deception and show that various computations are NP-hard. We model the attacker's state and show the effects of faked scan results. We then show how the defender can generate fake scan results in different states that minimize the damage the attacker can produce. We develop a Naive-PLD algorithm and a Fast-PLD heuristic algorithm for the defender to use and show experimentally that the latter performs well in a fraction of the run time of the former. We ran detailed experiments to assess the performance of these algorithms and further show that by running Fast-PLD off-line and storing the results, we can very efficiently answer run-time scan requests.

KW - Computational and artificial intelligence

KW - computer networks

KW - computer security

KW - logic-probabilistic logic

KW - network security

UR - http://www.scopus.com/inward/record.url?scp=85029311206&partnerID=8YFLogxK

U2 - 10.1109/TIFS.2017.2710945

DO - 10.1109/TIFS.2017.2710945

M3 - Article

AN - SCOPUS:85029311206

SN - 1556-6013

VL - 12

SP - 2532

EP - 2544

JO - IEEE Transactions on Information Forensics and Security

JF - IEEE Transactions on Information Forensics and Security

IS - 11

M1 - 7937934

ER -

A Probabilistic Logic of Cyber Deception

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this