TY - GEN
T1 - An adversarial coupon-collector model of asynchronous moving-target defense against botnet reconnaissance
AU - Kesidis, George
AU - Shan, Yuquan
AU - Fleck, Daniel
AU - Stavrou, Angelos
AU - Konstantopoulos, Takis
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/7/2
Y1 - 2018/7/2
N2 - We consider a moving-target defense of a proxied multiserver tenant of the cloud where the proxies dynamically change to defeat reconnaissance activity by a botnet planning a DDoS attack targeting the tenant. Unlike the system of [4] where all proxies change simultaneously at a fixed rate, we consider a more 'responsive' system where the proxies may change more rapidly and selectively based on the current session request intensity, which is expected to be abnormally large during active reconnaissance. In this paper, we study a tractable 'adversarial' coupon-collector model wherein proxies change after a random period of time from the latest request, i.e., asynchronously. In addition to determining the stationary mean number of proxies discovered by the attacker, we study the age of a proxy (coupon type) when it has been identified (requested) by the botnet. This gives us the rate at which proxies change (cost to the defender) when the nominal client request load is relatively negligible.
AB - We consider a moving-target defense of a proxied multiserver tenant of the cloud where the proxies dynamically change to defeat reconnaissance activity by a botnet planning a DDoS attack targeting the tenant. Unlike the system of [4] where all proxies change simultaneously at a fixed rate, we consider a more 'responsive' system where the proxies may change more rapidly and selectively based on the current session request intensity, which is expected to be abnormally large during active reconnaissance. In this paper, we study a tractable 'adversarial' coupon-collector model wherein proxies change after a random period of time from the latest request, i.e., asynchronously. In addition to determining the stationary mean number of proxies discovered by the attacker, we study the age of a proxy (coupon type) when it has been identified (requested) by the botnet. This gives us the rate at which proxies change (cost to the defender) when the nominal client request load is relatively negligible.
UR - http://www.scopus.com/inward/record.url?scp=85063909241&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85063909241&partnerID=8YFLogxK
U2 - 10.1109/MALWARE.2018.8659359
DO - 10.1109/MALWARE.2018.8659359
M3 - Conference contribution
AN - SCOPUS:85063909241
T3 - MALWARE 2018 - Proceedings of the 2018 13th International Conference on Malicious and Unwanted Software
SP - 61
EP - 67
BT - MALWARE 2018 - Proceedings of the 2018 13th International Conference on Malicious and Unwanted Software
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 13th International Conference on Malicious and Unwanted Software, MALWARE 2018
Y2 - 22 October 2018 through 24 October 2018
ER -