An adversarial coupon-collector model of asynchronous moving-target defense against botnet reconnaissance*
Title | An adversarial coupon-collector model of asynchronous moving-target defense against botnet reconnaissance* |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Kesidis, G., Shan, Y., Fleck, D., Stavrou, A., Konstantopoulos, T. |
Conference Name | 2018 13th International Conference on Malicious and Unwanted Software (MALWARE) |
Date Published | October |
Keywords | active reconnaissance, asynchronous moving-target defense, Botnet, botnet reconnaissance, client request load, cloud computing, cloud proxied multiserver tenant, Computer crime, computer network security, current session request intensity, DDoS Attack, invasive software, Malware, moving target defense, Network reconnaissance, Predictive Metrics, pubcrawl, Reconnaissance, reconnaissance activity, Resiliency, Scalability, Servers, Steady-state, tractable adversarial coupon-collector model |
Abstract | We consider a moving-target defense of a proxied multiserver tenant of the cloud where the proxies dynamically change to defeat reconnaissance activity by a botnet planning a DDoS attack targeting the tenant. Unlike the system of [4] where all proxies change simultaneously at a fixed rate, we consider a more "responsive" system where the proxies may change more rapidly and selectively based on the current session request intensity, which is expected to be abnormally large during active reconnaissance. In this paper, we study a tractable "adversarial" coupon-collector model wherein proxies change after a random period of time from the latest request, i.e., asynchronously. In addition to determining the stationary mean number of proxies discovered by the attacker, we study the age of a proxy (coupon type) when it has been identified (requested) by the botnet. This gives us the rate at which proxies change (cost to the defender) when the nominal client request load is relatively negligible. |
DOI | 10.1109/MALWARE.2018.8659359 |
Citation Key | kesidis_adversarial_2018 |