Attack Modeling and Cyber Deception Resources Deployment Using Multi-layer Graph

Abstract

Cyber deception techniques are being used for the proactive defense against attacks. Several techniques were proposed in the literature to address the optimal and intelligent deployment of deception techniques but are unable to consider at the same time the wide sets of threats and defense data (attack tactics, techniques, exploited vulnerabilities, affected machines, generated traces), and the high uncertainty facing the selection of cyber deception resources and their locations. In this work, we provide a multi-layer graph that describes an attack with multi-views: a sequence of vulnerabilities, weaknesses, techniques and tactics. Based on this modeling, we provide algorithms for attack scenarios extraction, metrics for attack scenarios ranking and selection, and analytics for deception techniques assessment and comparison. Finally, a case study is presented to illustrate the efficiency of the proposed model.