CRJul 31, 2014
Strategic Evolution of Adversaries Against Temporal Platform Diversity Active Cyber DefensesMichael L. Winterrose, Kevin M. Carter
Adversarial dynamics are a critical facet within the cyber security domain, in which there exists a co-evolution between attackers and defenders in any given threat scenario. While defenders leverage capabilities to minimize the potential impact of an attack, the adversary is simultaneously developing countermeasures to the observed defenses. In this study, we develop a set of tools to model the adaptive strategy formulation of an intelligent actor against an active cyber defensive system. We encode strategies as binary chromosomes representing finite state machines that evolve according to Holland's genetic algorithm. We study the strategic considerations including overall actor reward balanced against the complexity of the determined strategies. We present a series of simulation results demonstrating the ability to automatically search a large strategy space for optimal resultant fitness against a variety of counter-strategies.
CRJan 31, 2014
Quantitative Analysis of Active Cyber Defenses Based on Temporal Platform DiversityKevin M. Carter, Hamed Okhravi, James Riordan
Active cyber defenses based on temporal platform diversity have been proposed as way to make systems more resistant to attacks. These defenses change the properties of the platforms in order to make attacks more complicated. Unfortunately, little work has been done on measuring the effectiveness of these defenses. In this work, we use four different approaches to quantitatively analyze these defenses; an abstract analysis studies the algebraic models of a temporal platform diversity system; a set of experiments on a test bed measures the metrics of interest for the system; a game theoretic analysis studies the impact of preferential selection of platforms and derives an optimal strategy; finally, a set of simulations evaluates the metrics of interest on the models. Our results from these approaches all agree and yet are counter-intuitive. We show that although platform diversity can mitigate some attacks, it can be detrimental for others. We also illustrate that the benefit from these systems heavily depends on their threat model and that the preferential selection of platforms can achieve better protection.