Incentive-based modeling and inference of attacker intent, objectives, and strategies
Proceedings of the 10th ACM conference on Computer and communications security
Using Stochastic Game Theory to Compute the Expected Behavior of Attackers
SAINT-W '05 Proceedings of the 2005 Symposium on Applications and the Internet Workshops
Honeypot-Aware Advanced Botnet Construction and Maintenance
DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
A multifaceted approach to understanding the botnet phenomenon
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Computer Networks: The International Journal of Computer and Telecommunications Networking
Detecting anomalies in network traffic using maximum entropy estimation
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Firewall Policy Reconstruction by Active Probing: An Attacker's View
NPSEC '06 Proceedings of the 2006 2nd IEEE Workshop on Secure Network Protocols
Peer-to-peer botnets: overview and case study
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
PolicyVis: firewall security policy visualization and inspection
LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
A graph-theoretic network security game
WINE'05 Proceedings of the First international conference on Internet and Network Economics
OPODIS'04 Proceedings of the 8th international conference on Principles of Distributed Systems
Conflict classification and analysis of distributed firewall policies
IEEE Journal on Selected Areas in Communications
| Hi-index | 0.00 |
Firewalls are among the most important components in network security. Traditionally, the rules of the firewall are kept private under the assumption that privacy of the ruleset makes attacks on the network more difficult. We posit that this assumption is no longer valid in the Internet of today due to two factors: the emergence of botnets reducing probing difficulty and second, the emergence of distributed applications where private rules increase the difficulty of troubleshooting. We argue that the enforcement of the policy is the key, not the secrecy of the policy itself. In this paper, we demonstrate through the application of game theory that public firewall rules when coupled with false information (lying) are actually better than keeping firewall rules private, especially when taken in the larger group context of the Internet. Interesting scenarios arise when honest, public firewalls are socially insured by other lying firewalls and networks adopting public firewalls become mutually beneficial to each other. The equilibrium under multiple-network game is socially optimal because the percentage of required lying firewalls in social optimum is much smaller than the percentage in single-network equilibrium and the chance of attacking through firewalls is further reduced to zero. Copyright © 2011 John Wiley & Sons, Ltd.