Optimal Honeypot Allocation Using Core Attack Graph in Partially Observable Stochastic Games
This paper presents a scalable solution for zero-sum, one-sided, partially observable stochastic games (Z-POSGs) in the realm of cybersecurity. Existing heuristic search value iteration (HSVI) methods often face significant challenges with scalability in large and complex networks. To overcome this...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2024-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10786011/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1846118301615259648 |
|---|---|
| author | Achile Leonel Nguemkam Ahmed Hemida Anwar Vianney Kengne Tchendji Deepak K. Tosh Charles Kamhoua |
| author_facet | Achile Leonel Nguemkam Ahmed Hemida Anwar Vianney Kengne Tchendji Deepak K. Tosh Charles Kamhoua |
| author_sort | Achile Leonel Nguemkam |
| collection | DOAJ |
| description | This paper presents a scalable solution for zero-sum, one-sided, partially observable stochastic games (Z-POSGs) in the realm of cybersecurity. Existing heuristic search value iteration (HSVI) methods often face significant challenges with scalability in large and complex networks. To overcome this limitation, we introduce an innovative approach that leverages core attack graphs summarized abstractions that streamline incremental strategy generation. This technique reduces the belief and action spaces, making it possible to manage large-scale networks more efficiently. By focusing the analysis on the core attack graph, our approach minimizes the necessity to process the entire network, leading to substantial reductions in time and memory requirements while maintaining solution accuracy. Our method achieves an average solution accuracy within an epsilon value of 0.68%. Additionally, experimental results show that the execution time on the core attack graph is reduced by around 45% compared to that on the original graph, showcasing its significant performance advantage. Furthermore, we successfully solved the largest instances, comprising up to 300 nodes, underscoring the scalability and efficiency of our approach in handling complex, large-scale networks. Comparative evaluations demonstrate that integrating core attack graphs with existing HSVI techniques not only enhances scalability but also preserves solution quality. These findings highlight the proposed method’s potential for effective and efficient application in large-scale cybersecurity networks, outperforming state-of-the-art solutions. |
| format | Article |
| id | doaj-art-c18fdf3ad3da4b6ea88bd2cf2ac726a3 |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2024-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-c18fdf3ad3da4b6ea88bd2cf2ac726a32024-12-18T00:01:46ZengIEEEIEEE Access2169-35362024-01-011218744418745510.1109/ACCESS.2024.351346110786011Optimal Honeypot Allocation Using Core Attack Graph in Partially Observable Stochastic GamesAchile Leonel Nguemkam0https://orcid.org/0009-0003-4741-5852Ahmed Hemida Anwar1https://orcid.org/0000-0001-8907-3043Vianney Kengne Tchendji2https://orcid.org/0000-0003-3836-1859Deepak K. Tosh3https://orcid.org/0000-0001-8492-1066Charles Kamhoua4https://orcid.org/0000-0003-2169-5975Department of Mathematics and Computer Science, University of Dschang, Dschang, CameroonDEVCOM Army Research Laboratory, Adelphi, MD, USADepartment of Mathematics and Computer Science, University of Dschang, Dschang, CameroonDepartment of Computer Science, The University of Texas at El Paso, El Paso, TX, USADEVCOM Army Research Laboratory, Adelphi, MD, USAThis paper presents a scalable solution for zero-sum, one-sided, partially observable stochastic games (Z-POSGs) in the realm of cybersecurity. Existing heuristic search value iteration (HSVI) methods often face significant challenges with scalability in large and complex networks. To overcome this limitation, we introduce an innovative approach that leverages core attack graphs summarized abstractions that streamline incremental strategy generation. This technique reduces the belief and action spaces, making it possible to manage large-scale networks more efficiently. By focusing the analysis on the core attack graph, our approach minimizes the necessity to process the entire network, leading to substantial reductions in time and memory requirements while maintaining solution accuracy. Our method achieves an average solution accuracy within an epsilon value of 0.68%. Additionally, experimental results show that the execution time on the core attack graph is reduced by around 45% compared to that on the original graph, showcasing its significant performance advantage. Furthermore, we successfully solved the largest instances, comprising up to 300 nodes, underscoring the scalability and efficiency of our approach in handling complex, large-scale networks. Comparative evaluations demonstrate that integrating core attack graphs with existing HSVI techniques not only enhances scalability but also preserves solution quality. These findings highlight the proposed method’s potential for effective and efficient application in large-scale cybersecurity networks, outperforming state-of-the-art solutions.https://ieeexplore.ieee.org/document/10786011/Partially observable stochastic gameslateral movementdynamic honeypot allocationcore attack graph |
| spellingShingle | Achile Leonel Nguemkam Ahmed Hemida Anwar Vianney Kengne Tchendji Deepak K. Tosh Charles Kamhoua Optimal Honeypot Allocation Using Core Attack Graph in Partially Observable Stochastic Games IEEE Access Partially observable stochastic games lateral movement dynamic honeypot allocation core attack graph |
| title | Optimal Honeypot Allocation Using Core Attack Graph in Partially Observable Stochastic Games |
| title_full | Optimal Honeypot Allocation Using Core Attack Graph in Partially Observable Stochastic Games |
| title_fullStr | Optimal Honeypot Allocation Using Core Attack Graph in Partially Observable Stochastic Games |
| title_full_unstemmed | Optimal Honeypot Allocation Using Core Attack Graph in Partially Observable Stochastic Games |
| title_short | Optimal Honeypot Allocation Using Core Attack Graph in Partially Observable Stochastic Games |
| title_sort | optimal honeypot allocation using core attack graph in partially observable stochastic games |
| topic | Partially observable stochastic games lateral movement dynamic honeypot allocation core attack graph |
| url | https://ieeexplore.ieee.org/document/10786011/ |
| work_keys_str_mv | AT achileleonelnguemkam optimalhoneypotallocationusingcoreattackgraphinpartiallyobservablestochasticgames AT ahmedhemidaanwar optimalhoneypotallocationusingcoreattackgraphinpartiallyobservablestochasticgames AT vianneykengnetchendji optimalhoneypotallocationusingcoreattackgraphinpartiallyobservablestochasticgames AT deepakktosh optimalhoneypotallocationusingcoreattackgraphinpartiallyobservablestochasticgames AT charleskamhoua optimalhoneypotallocationusingcoreattackgraphinpartiallyobservablestochasticgames |