A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction

A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction

As an important deception defense method, a honeypot can be used to enhance the network’s active defense capability effectively. However, the existing rigid deployment method makes it difficult to deal with the uncertain strategic attack behaviors of the attackers. To solve such a problem, we propos...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Security and communication networks 2021-10, Vol.2021, p.1-15
Hauptverfasser: Gao, Yazhuo, Zhang, Guomin, Xing, Changyou
Format: Artikel
Sprache:eng
Schlagworte:
Algorithms
Deception
Decision making
Defense
Game theory
Machine learning
Multiphase
Neural networks
Optimization
Path predictors
Software-defined networking
Strategy
Topology
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 15
container_issue
container_start_page 1
container_title Security and communication networks
container_volume 2021
creator Gao, Yazhuo
Zhang, Guomin
Xing, Changyou
description As an important deception defense method, a honeypot can be used to enhance the network’s active defense capability effectively. However, the existing rigid deployment method makes it difficult to deal with the uncertain strategic attack behaviors of the attackers. To solve such a problem, we propose a multiphase dynamic deployment mechanism of virtualized honeypots (MD2VH) based on the intelligent attack path prediction method. MD2VH depicts the attack and defense characteristics of both attackers and defenders through the Bayesian state attack graph, establishes a multiphase dynamic deployment optimization model of the virtualized honeypots based on the extended Markov’s decision-making process, and generates the deployment strategies dynamically by combining the online and offline reinforcement learning methods. Besides, we also implement a prototype system based on software-defined network and virtualization container, so as to evaluate the effectiveness of MD2VH. Experiments results show that the capture rate of MD2VH is maintained at about 90% in the case of both simple topology and complex topology. Compared with the simple intelligent deployment strategy, such a metric is increased by 20% to 60%, and the result is more stable under different types of the attacker’s strategy.
doi_str_mv 10.1155/2021/6378218
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2589582726</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2589582726</sourcerecordid><originalsourceid>FETCH-LOGICAL-c337t-110a9c950d34bb26f60ac582d0660b0b6cbfef4e336e9023c07e4e1da01fed593</originalsourceid><addsrcrecordid>eNp9kD1PwzAURSMEEqWw8QMsMUKoPxKnGUsLtFIrOgBr5DgvxCWxg-0IhV9PqlaMTO8O594nnSC4JviekDieUEzJhLNkSsn0JBiRlKUhJpSe_mUSnQcXzu0w5iRKolGgZ2jT1V61lXCAFr0WjZJoAW1t-ga0RxuQldDKNciU6F1Z34la_UCBlkZD3xrv0MNQLZDRaKU91LX62Pdm3gv5ibbCV2hroVDSK6Mvg7NS1A6ujnccvD09vs6X4frleTWfrUPJWOJDQrBIZRrjgkV5TnnJsZDxlBaYc5zjnMu8hDICxjikmDKJE4iAFAKTEoo4ZePg5rDbWvPVgfPZznRWDy8zGk_TYSqhfKDuDpS0xjkLZdZa1QjbZwRne6PZ3mh2NDrgtwe8UroQ3-p_-hdyK3ZM</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2589582726</pqid></control><display><type>article</type><title>A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction</title><source>Wiley-Blackwell Open Access Titles</source><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><source>Alma/SFX Local Collection</source><creator>Gao, Yazhuo ; Zhang, Guomin ; Xing, Changyou</creator><contributor>Babaie, Shahram ; Shahram Babaie</contributor><creatorcontrib>Gao, Yazhuo ; Zhang, Guomin ; Xing, Changyou ; Babaie, Shahram ; Shahram Babaie</creatorcontrib><description>As an important deception defense method, a honeypot can be used to enhance the network’s active defense capability effectively. However, the existing rigid deployment method makes it difficult to deal with the uncertain strategic attack behaviors of the attackers. To solve such a problem, we propose a multiphase dynamic deployment mechanism of virtualized honeypots (MD2VH) based on the intelligent attack path prediction method. MD2VH depicts the attack and defense characteristics of both attackers and defenders through the Bayesian state attack graph, establishes a multiphase dynamic deployment optimization model of the virtualized honeypots based on the extended Markov’s decision-making process, and generates the deployment strategies dynamically by combining the online and offline reinforcement learning methods. Besides, we also implement a prototype system based on software-defined network and virtualization container, so as to evaluate the effectiveness of MD2VH. Experiments results show that the capture rate of MD2VH is maintained at about 90% in the case of both simple topology and complex topology. Compared with the simple intelligent deployment strategy, such a metric is increased by 20% to 60%, and the result is more stable under different types of the attacker’s strategy.</description><identifier>ISSN: 1939-0114</identifier><identifier>EISSN: 1939-0122</identifier><identifier>DOI: 10.1155/2021/6378218</identifier><language>eng</language><publisher>London: Hindawi</publisher><subject>Algorithms ; Deception ; Decision making ; Defense ; Game theory ; Machine learning ; Multiphase ; Neural networks ; Optimization ; Path predictors ; Software-defined networking ; Strategy ; Topology</subject><ispartof>Security and communication networks, 2021-10, Vol.2021, p.1-15</ispartof><rights>Copyright © 2021 Yazhuo Gao et al.</rights><rights>Copyright © 2021 Yazhuo Gao et al. This is an open access article distributed under the Creative Commons Attribution License (the “License”), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. https://creativecommons.org/licenses/by/4.0</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c337t-110a9c950d34bb26f60ac582d0660b0b6cbfef4e336e9023c07e4e1da01fed593</citedby><cites>FETCH-LOGICAL-c337t-110a9c950d34bb26f60ac582d0660b0b6cbfef4e336e9023c07e4e1da01fed593</cites><orcidid>0000-0001-6917-0225 ; 0000-0003-0132-7040</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,776,780,27901,27902</link.rule.ids></links><search><contributor>Babaie, Shahram</contributor><contributor>Shahram Babaie</contributor><creatorcontrib>Gao, Yazhuo</creatorcontrib><creatorcontrib>Zhang, Guomin</creatorcontrib><creatorcontrib>Xing, Changyou</creatorcontrib><title>A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction</title><title>Security and communication networks</title><description>As an important deception defense method, a honeypot can be used to enhance the network’s active defense capability effectively. However, the existing rigid deployment method makes it difficult to deal with the uncertain strategic attack behaviors of the attackers. To solve such a problem, we propose a multiphase dynamic deployment mechanism of virtualized honeypots (MD2VH) based on the intelligent attack path prediction method. MD2VH depicts the attack and defense characteristics of both attackers and defenders through the Bayesian state attack graph, establishes a multiphase dynamic deployment optimization model of the virtualized honeypots based on the extended Markov’s decision-making process, and generates the deployment strategies dynamically by combining the online and offline reinforcement learning methods. Besides, we also implement a prototype system based on software-defined network and virtualization container, so as to evaluate the effectiveness of MD2VH. Experiments results show that the capture rate of MD2VH is maintained at about 90% in the case of both simple topology and complex topology. Compared with the simple intelligent deployment strategy, such a metric is increased by 20% to 60%, and the result is more stable under different types of the attacker’s strategy.</description><subject>Algorithms</subject><subject>Deception</subject><subject>Decision making</subject><subject>Defense</subject><subject>Game theory</subject><subject>Machine learning</subject><subject>Multiphase</subject><subject>Neural networks</subject><subject>Optimization</subject><subject>Path predictors</subject><subject>Software-defined networking</subject><subject>Strategy</subject><subject>Topology</subject><issn>1939-0114</issn><issn>1939-0122</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2021</creationdate><recordtype>article</recordtype><sourceid>RHX</sourceid><sourceid>BENPR</sourceid><recordid>eNp9kD1PwzAURSMEEqWw8QMsMUKoPxKnGUsLtFIrOgBr5DgvxCWxg-0IhV9PqlaMTO8O594nnSC4JviekDieUEzJhLNkSsn0JBiRlKUhJpSe_mUSnQcXzu0w5iRKolGgZ2jT1V61lXCAFr0WjZJoAW1t-ga0RxuQldDKNciU6F1Z34la_UCBlkZD3xrv0MNQLZDRaKU91LX62Pdm3gv5ibbCV2hroVDSK6Mvg7NS1A6ujnccvD09vs6X4frleTWfrUPJWOJDQrBIZRrjgkV5TnnJsZDxlBaYc5zjnMu8hDICxjikmDKJE4iAFAKTEoo4ZePg5rDbWvPVgfPZznRWDy8zGk_TYSqhfKDuDpS0xjkLZdZa1QjbZwRne6PZ3mh2NDrgtwe8UroQ3-p_-hdyK3ZM</recordid><startdate>20211021</startdate><enddate>20211021</enddate><creator>Gao, Yazhuo</creator><creator>Zhang, Guomin</creator><creator>Xing, Changyou</creator><general>Hindawi</general><general>Hindawi Limited</general><scope>RHU</scope><scope>RHW</scope><scope>RHX</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K7-</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>P5Z</scope><scope>P62</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><orcidid>https://orcid.org/0000-0001-6917-0225</orcidid><orcidid>https://orcid.org/0000-0003-0132-7040</orcidid></search><sort><creationdate>20211021</creationdate><title>A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction</title><author>Gao, Yazhuo ; Zhang, Guomin ; Xing, Changyou</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c337t-110a9c950d34bb26f60ac582d0660b0b6cbfef4e336e9023c07e4e1da01fed593</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2021</creationdate><topic>Algorithms</topic><topic>Deception</topic><topic>Decision making</topic><topic>Defense</topic><topic>Game theory</topic><topic>Machine learning</topic><topic>Multiphase</topic><topic>Neural networks</topic><topic>Optimization</topic><topic>Path predictors</topic><topic>Software-defined networking</topic><topic>Strategy</topic><topic>Topology</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Gao, Yazhuo</creatorcontrib><creatorcontrib>Zhang, Guomin</creatorcontrib><creatorcontrib>Xing, Changyou</creatorcontrib><collection>Hindawi Publishing Complete</collection><collection>Hindawi Publishing Subscription Journals</collection><collection>Hindawi Publishing Open Access</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics &amp; Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Advanced Technologies &amp; Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>Computer Science Database</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>Advanced Technologies &amp; Aerospace Database</collection><collection>ProQuest Advanced Technologies &amp; Aerospace Collection</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><jtitle>Security and communication networks</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Gao, Yazhuo</au><au>Zhang, Guomin</au><au>Xing, Changyou</au><au>Babaie, Shahram</au><au>Shahram Babaie</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction</atitle><jtitle>Security and communication networks</jtitle><date>2021-10-21</date><risdate>2021</risdate><volume>2021</volume><spage>1</spage><epage>15</epage><pages>1-15</pages><issn>1939-0114</issn><eissn>1939-0122</eissn><abstract>As an important deception defense method, a honeypot can be used to enhance the network’s active defense capability effectively. However, the existing rigid deployment method makes it difficult to deal with the uncertain strategic attack behaviors of the attackers. To solve such a problem, we propose a multiphase dynamic deployment mechanism of virtualized honeypots (MD2VH) based on the intelligent attack path prediction method. MD2VH depicts the attack and defense characteristics of both attackers and defenders through the Bayesian state attack graph, establishes a multiphase dynamic deployment optimization model of the virtualized honeypots based on the extended Markov’s decision-making process, and generates the deployment strategies dynamically by combining the online and offline reinforcement learning methods. Besides, we also implement a prototype system based on software-defined network and virtualization container, so as to evaluate the effectiveness of MD2VH. Experiments results show that the capture rate of MD2VH is maintained at about 90% in the case of both simple topology and complex topology. Compared with the simple intelligent deployment strategy, such a metric is increased by 20% to 60%, and the result is more stable under different types of the attacker’s strategy.</abstract><cop>London</cop><pub>Hindawi</pub><doi>10.1155/2021/6378218</doi><tpages>15</tpages><orcidid>https://orcid.org/0000-0001-6917-0225</orcidid><orcidid>https://orcid.org/0000-0003-0132-7040</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 1939-0114
ispartof Security and communication networks, 2021-10, Vol.2021, p.1-15
issn 1939-0114
1939-0122
language eng
recordid cdi_proquest_journals_2589582726
source Wiley-Blackwell Open Access Titles; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals; Alma/SFX Local Collection
subjects Algorithms
Deception
Decision making
Defense
Game theory
Machine learning
Multiphase
Neural networks
Optimization
Path predictors
Software-defined networking
Strategy
Topology
title A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-01T20%3A14%3A31IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Multiphase%20Dynamic%20Deployment%20Mechanism%20of%20Virtualized%20Honeypots%20Based%20on%20Intelligent%20Attack%20Path%20Prediction&rft.jtitle=Security%20and%20communication%20networks&rft.au=Gao,%20Yazhuo&rft.date=2021-10-21&rft.volume=2021&rft.spage=1&rft.epage=15&rft.pages=1-15&rft.issn=1939-0114&rft.eissn=1939-0122&rft_id=info:doi/10.1155/2021/6378218&rft_dat=%3Cproquest_cross%3E2589582726%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2589582726&rft_id=info:pmid/&rfr_iscdi=true