Honeynet games: a game theoretic approach to defending network monitors

Authors:
Jin-Yi Cai;Vinod Yegneswaran;Chris Alfeld;Paul Barford
Affiliations:
Computer Sciences Department, University of Wisconsin, Madison, USA;Computer Sciences Lab, SRI International, Menlo Park, USA;Computer Sciences Department, University of Wisconsin, Madison, USA and Nemean Networks, Madison, USA;Computer Sciences Department, University of Wisconsin, Madison, USA and Nemean Networks, Madison, USA
Venue:
Journal of Combinatorial Optimization
Year:
2011

Citing 12
Cited 0

How to Own the Internet in Your Spare Time

Proceedings of the 11th USENIX Security Symposium
Internet intrusions: global characteristics and prevalence

SIGMETRICS '03 Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Adaptive Use of Network-Centric Mechanisms in Cyber-Defense

ISORC '03 Proceedings of the Sixth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing
Characteristics of internet background radiation

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Toward understanding distributed blackhole placement

Proceedings of the 2004 ACM workshop on Rapid malcode
Scalability, fidelity, and containment in the potemkin virtual honeyfarm

Proceedings of the twentieth ACM symposium on Operating systems principles
Defending against hitlist worms using network address space randomization

Proceedings of the 2005 ACM workshop on Rapid malcode
A virtual honeypot framework

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Collapsar: a VM-based architecture for network attack detention center

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Mapping internet sensors with probe response attacks

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Vulnerabilities of passive internet threat monitors

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Fast and evasive attacks: highlighting the challenges ahead

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Quantified Score

Hi-index	0.00

Visualization

Abstract

A honeynet is a portion of routed but otherwise unused address space that is instrumented for network traffic monitoring. It is an invaluable tool for understanding unwanted Internet traffic and malicious attacks. We formalize the problem of defending honeynets from systematic mapping (a serious threat to their viability) as a simple two-person game. The objective of the Attacker is to identify a honeynet with a minimum number of probes. The objective of the Defender is to maintain a honeynet for as long as possible before moving it to a new location within a larger address space. Using this game theoretic framework, we describe and prove optimal or near-optimal strategies for both the Attacker and the Defender. This is the first mathematically rigorous study of this increasingly important problem on honeynet defense. Our theoretical ideas provide the first formalism of the honeynet monitoring problem, illustrate the viability of network address shuffling, and inform the design of next generation honeynet defense systems.