Title
Moving Target Defense for Web Applications using Bayesian Stackelberg Games.
Abstract
Web applications form a critical component of cyber security systems as they act as a gateway for many institutions. Vulnerabilities in web applications allow malicious actors to access and/or modify restricted data. Here the hackers have the opportunity to perform reconnaissance so as to gain knowledge about the web application layout before launching an attack, whereas the defender (administrator of the web application) must secure the application even with its potential vulnerabilities. In order to mask such vulnerabilities which are primarily associated with different individual configurations, Moving Target Defense systems were proposed wherein the defender switches between various configurations thereby making it difficult to attack with success, while maintaining a seamless experience for the genuine users. However, the design of good quality switching strategies is still an open problem which is crucial for the effectiveness of the Moving Target Defense approach. In this paper, we present a way to find effective switching strategies by modeling this ecosystem as a Bayesian Stackelberg game with the administrator as the leader and the hackers as the followers, which as we show succinctly captures various aspects of the Moving Target Defense systems. Furthermore, we show how to determine which vulnerability areas should be addressed first once the system is deployed and which attacker type uncertainties should be calibrated with high precision, for increasing the security of the web application. We present experimental results on a representative web application system demonstrating the utility of switching strategies obtained using the proposed method, and we discuss various future directions that are unique to the web application domain.
Year: 2016
Venue: adaptive agents and multi-agents systems
Field: Open problem, Computer security, Computer science, Hacker, Default gateway, Application domain, Web application, Stackelberg competition, Vulnerability, Bayesian probability
DocType: Journal
Volume: abs/1602.07024
Citations: 5
PageRank: 0.54
References: 38
Authors: 7
Name
Order
Citations
PageRank
Satya Gautam Vadlamudi11338.94
Sailik Sengupta2227.00
Subbarao Kambhampati33453450.74
Marthony Taguinod4674.27
Ziming Zhao532230.52
Adam Doupé635733.14
Gail-Joon Ahn73012203.39