TY - GEN
T1 - Hardening Critical Infrastructure Networks Against Attacker Reconnaissance
AU - Palani, Kartik
AU - Nicol, David M.
N1 - Publisher Copyright:
© 2020, Springer Nature Switzerland AG.
PY - 2020
Y1 - 2020
N2 - The knowledge an attacker gathers about the critical infrastructure network they infiltrate allows them to customize the payload and remain undetected while causing maximum impact. This knowledge is a consequence of internal reconnaissance in the cyber network by lateral movement and is enabled by exploiting discovered vulnerabilities. This stage of the attack is also the longest, thereby giving a defender the biggest opportunity to detect and react to the attacker. This paper helps a defender minimize the information an attacker might gain once in the network. This can be done by curbing lateral movement, misdirecting the attacker or inhibiting reachability to a critical device. We use a linear threshold model of attack propagation to analyze potential attack loss and use this to find actions that a defender might invest in while staying within their budgetary constraints. We show that while finding the best solution subject to these constraints is computationally intractable, the objective function is supermodular, allowing for a tractable technique with a known approximation bound.
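The abstract names two ingredients, a linear threshold model of attack propagation and a greedy, budget-bound selection of defensive actions. The block below is an added illustration of those general techniques written for this record; it is not code from the paper, and the network, asset values, edge weights, cut costs and the choice of "cut an edge" as the only defensive action are all constructed assumptions. Edge weights are the influence a compromised host exerts on a neighbour, a host falls once the summed influence of compromised in-neighbours reaches its threshold, and expected loss is averaged over sampled thresholds that are reused for every candidate defence so that comparisons share the same random draws.

```python
"""Linear-threshold lateral-movement cascade with a greedy, budget-bound defender.

Illustrative example only (not the paper's model). Hosts are nodes; a directed
edge u->v with weight w means a compromise of u contributes w toward the
compromise of v. The defender may sever edges (firewall rule, credential
tiering, re-architecting a link) at a cost and greedily picks cuts within budget.
"""
import random
from typing import Dict, List, Set, Tuple

Edge = Tuple[str, str]

# Constructed sample network: hypothetical hosts, weights and asset values.
EDGES: Dict[Edge, float] = {
    ("web", "app"): 0.7,
    ("web", "jump"): 0.5,
    ("app", "db"): 0.6,
    ("jump", "db"): 0.5,
    ("jump", "hmi"): 0.6,
    ("app", "hmi"): 0.4,
    ("hmi", "plc"): 1.0,
}
ASSET_VALUE: Dict[str, float] = {"web": 1, "app": 2, "jump": 2, "db": 5, "hmi": 8, "plc": 20}
ENTRY: Set[str] = {"web"}  # assumed initial foothold

# Hypothetical cost of severing each edge; the HMI/PLC link is the hardest to change.
CUT_COST: Dict[Edge, float] = {e: 1.0 for e in EDGES}
CUT_COST[("hmi", "plc")] = 3.0


def cascade(edges: Dict[Edge, float], seeds: Set[str], thresholds: Dict[str, float]) -> Set[str]:
    """Deterministic linear-threshold spread from the seed set for fixed thresholds."""
    active = set(seeds)
    changed = True
    while changed:
        changed = False
        for v in thresholds:
            if v in active:
                continue
            pressure = sum(w for (u, t), w in edges.items() if t == v and u in active)
            if pressure >= thresholds[v]:
                active.add(v)
                changed = True
    return active


def sample_thresholds(n: int, seed: int = 7) -> List[Dict[str, float]]:
    """Draw n threshold vectors, each entry uniform in (0, 1] (0 excluded so a
    host never falls with zero pressure). Reused across candidate defences."""
    rng = random.Random(seed)
    return [{v: 1.0 - rng.random() for v in ASSET_VALUE} for _ in range(n)]


def expected_loss(edges: Dict[Edge, float], samples: List[Dict[str, float]]) -> float:
    """Mean total asset value compromised from ENTRY over the threshold samples."""
    total = 0.0
    for th in samples:
        total += sum(ASSET_VALUE[v] for v in cascade(edges, ENTRY, th))
    return total / len(samples)


def greedy_defense(edges: Dict[Edge, float], budget: float, samples: List[Dict[str, float]]):
    """Cost-benefit greedy: repeatedly cut the edge with the largest expected-loss
    reduction per unit cost that still fits in the remaining budget."""
    remaining = dict(edges)
    cut: List[Edge] = []
    spent = 0.0
    current = expected_loss(remaining, samples)
    while True:
        best, best_ratio = None, 0.0
        for e, cost in CUT_COST.items():
            if e not in remaining or spent + cost > budget:
                continue
            trial = {k: w for k, w in remaining.items() if k != e}
            ratio = (current - expected_loss(trial, samples)) / cost
            if ratio > best_ratio:
                best, best_ratio = e, ratio
        if best is None:  # nothing affordable still reduces loss
            break
        del remaining[best]
        cut.append(best)
        spent += CUT_COST[best]
        current = expected_loss(remaining, samples)
    return cut, spent, current


if __name__ == "__main__":
    S = sample_thresholds(200)
    print("loss, no defence :", round(expected_loss(EDGES, S), 2))
    cuts, spent, after = greedy_defense(EDGES, budget=3.0, samples=S)
    print("cuts chosen      :", cuts, "cost", spent)
    print("loss, defended   :", round(after, 2))
```

Reusing one set of threshold draws for every candidate (common random numbers) is what makes the greedy comparisons stable; re-sampling per candidate would let Monte Carlo noise drive the choice. The approximation guarantee the abstract refers to is a property of the paper's objective, not something this toy establishes.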
UR - http://www.scopus.com/inward/record.url?scp=85097093992&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85097093992&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-59854-9_19
DO - 10.1007/978-3-030-59854-9_19
M3 - Conference contribution
AN - SCOPUS:85097093992
SN - 9783030598532
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 258
EP - 275
BT - Quantitative Evaluation of Systems - 17th International Conference, QEST 2020, Proceedings
A2 - Gribaudo, Marco
A2 - Jansen, David N.
A2 - Remke, Anne
PB - Springer
T2 - 17th International Conference on Quantitative Evaluation of Systems, QEST 2020
Y2 - 31 August 2020 through 3 September 2020
ER -