Hardening Critical Infrastructure Networks Against Attacker Reconnaissance

Kartik Palani, David M. Nicol

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution

Abstract

The knowledge an attacker gathers about the critical infrastructure network they infiltrate allows them to customize the payload and remain undetected while causing maximum impact. This knowledge is a consequence of internal reconnaissance in the cyber network by lateral movement and is enabled by exploiting discovered vulnerabilities. This stage of the attack is also the longest, thereby giving a defender the biggest opportunity to detect and react to the attacker. This paper helps a defender minimize the information an attacker might gain once in the network. This can be done by curbing lateral movement, misdirecting the attacker or inhibiting reachability to a critical device. We use a linear threshold model of attack propagation to analyze potential attack loss and use this to find actions that a defender might invest in while staying within their budgetary constraints. We show that while finding the best solution subject to these constraints is computationally intractable, the objective function is supermodular, allowing for a tractable technique with a known approximation bound.

Original language: English (US)
Title of host publication: Quantitative Evaluation of Systems - 17th International Conference, QEST 2020, Proceedings
Editors: Marco Gribaudo, David N. Jansen, Anne Remke
Publisher: Springer
Pages: 258-275
Number of pages: 18
ISBN (Print): 9783030598532
State: Published - 2020
Event: 17th International Conference on Quantitative Evaluation Systems, QEST 2020 - Vienna, Austria
Duration: Aug 31 2020 - Sep 3 2020

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12289 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 17th International Conference on Quantitative Evaluation Systems, QEST 2020
Country/Territory: Austria
City: Vienna
Period: 8/31/20 - 9/3/20

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
