Efficient Defense Strategies to Minimize Attackers’ Success Probabilities in Honeynet
Resource
IAS’10. (EI), 80-85
Journal
IAS’10. (EI)
Pages
80-85
Date Issued
2010
Date
2010
Author(s)
Abstract
In this paper, we consider the problem of minimizing attackers' success probability in a protected network subject to attacker profile/behavior constraints and defender resource/strategy constraints. Compared with previous research, the following two enhancements are made. First, we no longer assume that perfect knowledge regarding the network topology and defense resource allocation is fully available for attackers (a worst case scenario for the defender). Second, all combinations of attacker classes can be considered, where each attacker class may be associated with any number of attributes, including ratio, intelligence/experience level, available attack resource and sophisticated attack strategies. The problem is modeled as a generic mathematical programming problem, and a novel two-phase solution approach, which well combines mathematical programming and simulation techniques, is proposed. More specifically, in the "Evaluation Phase", efficient and effective simulations are conducted to evaluate the effectiveness of the current defense policy; whereas, in the "Defense Policy Enhancement Phase", specially-proposed and easy-to-collect information from the "Objective Function Evaluation Phase" is adopted to calculate gradients of the decision variables. From computational experiments on honeynet, applicability and effectiveness of the proposed framework and algorithm are clearly demonstrated. © 2010 IEEE.
SDGs
Other Subjects
Attack strategies; Computational experiment; Decision variables; Defense policy; Defense strategy; Evaluation phase; Framework and algorithms; Honeynet; Honeypots; Imperfect Knowledge; Mathematical programming problem; Network attack; Network survivability; Network topology; Phase solutions; Protected networks; Simulation technique; Worst case scenario; Computer crime; Electric network topology; Function evaluation; Network security; Probability; Mathematical programming
Type
conference paper
File(s)
Name
17.pdf
Size
23.21 KB
Format
Adobe PDF
Checksum
(MD5):bc891e09b01acd5dce7f8b554e9822ec