CR AI Mar 6, 2019

Attack Graph Obfuscation

arXiv:1903.02601v1, 9 citations
Originality: Incremental advance
AI Analysis

This paper addresses enterprise network security by providing a practical deception method to hinder lateral movement, though it is incremental because it builds on existing attack graph and combinatorial optimization techniques.

The paper tackles the problem of slowing down network attackers by introducing fake vulnerabilities into enterprise networks, demonstrating through experiments on a large-scale real network that this deception-based defense significantly increases the attacker's required time and exploitability cost.

Before executing an attack, adversaries usually explore the victim's network in an attempt to infer the network topology and identify vulnerabilities in the victim's servers and personal computers. Falsifying the information collected by the adversary post penetration may significantly slow lateral movement and increase the amount of noise generated within the victim's network. We investigate the effect of fake vulnerabilities within a real enterprise network on the attacker's performance. We use attack graphs to model the path of an attacker making its way towards a target in a given network. We use combinatorial optimization in order to find the optimal assignments of fake vulnerabilities. We demonstrate the feasibility of our deception-based defense by presenting results of experiments with a large-scale real network. We show that adding fake vulnerabilities forces the adversary to invest a significant amount of effort, in terms of time and exploitability cost.

Code Implementations: 1 repo