MEDKOVÁ, Jana, Martin HUSÁK and Martin DRAŠAR. Network Defence Strategy Evaluation: Simulation vs. Live Network. In Prosper Chemouil, Edmundo Monteiro, Marinos Charalambides, Edmundo Madeira, Paulo Simões, Stefano Secci, Luciano Paschoal Gaspary, Carlos Raniery P. dos Santos. 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). Lisbon: IEEE. p. 81-88. ISBN 978-3-901882-89-0. doi:10.23919/INM.2017.7987267. 2017.
Other formats:   BibTeX LaTeX RIS
Basic information
Original name Network Defence Strategy Evaluation: Simulation vs. Live Network
Authors MEDKOVÁ, Jana (203 Czech Republic, guarantor, belonging to the institution), Martin HUSÁK (203 Czech Republic, belonging to the institution) and Martin DRAŠAR (203 Czech Republic, belonging to the institution).
Edition Lisbon, 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), p. 81-88, 8 pp. 2017.
Publisher IEEE
Other information
Original language English
Type of outcome Proceedings paper
Field of Study 10201 Computer sciences, information science, bioinformatics
Country of publisher United States of America
Confidentiality degree is not subject to a state or trade secret
Publication form electronic version available online
WWW URL
RIV identification code RIV/00216224:14610/17:00094471
Organization unit Institute of Computer Science
ISBN 978-3-901882-89-0
Doi http://dx.doi.org/10.23919/INM.2017.7987267
Keywords in English game theory;cyber security;simulation;honeypot
Tags core_A, firank_A, rivok
Tags International impact, Reviewed
Changed by Changed by: RNDr. Martin Husák, Ph.D., učo 256631. Changed: 5/4/2018 18:32.
Abstract
A lot of research has been dedicated to finding an optimal strategy to defend network infrastructure. The proposed methods are usually evaluated using simulations, replayed attacks or testbed environments. However, these evaluation methods may give biased results, because in real life, attackers can follow a suboptimal strategy or react to a defence in an unexpected way. In this paper, we use a network of honeypots as a testing environment for evaluating network defence strategies. The honeypot network provides the opportunity to test a defence strategy against real attackers and is not as time and resource consuming as using white hat hackers. In our experiment, we use two different strategies to defend a group of honeypots in a live network and we compare these results to the results of a simulation with replayed attacks. We show that the results of the strategies in the simulation significantly differ from the results on the honeypot network which implies simulations are not sufficient for strategy evaluation. We also investigate how the attacker adapts to the responses taken by a defence strategy and how this change in behaviour affects the evaluation results.
Links
MUNI/A/0997/2016, interní kód MUName: Aplikovaný výzkum na FI: vyhledávacích systémy, bezpečnost, vizualizace dat a virtuální realita.
Investor: Masaryk University, Applied research at FI: search systems, security, data visualization and virtual reality, Category A
VI20172020070, research and development projectName: Výzkum nástrojů pro hodnocení kybernetické situace a podporu rozhodování CSIRT týmů při ochraně kritické infrastruktury (Acronym: CRUSOE)
Investor: Ministry of the Interior of the CR, Research of Tools for Cyber Situational Awareness and Decision Support of CSIRT Teams in Protection of Critical Infrastructure
Type Name Uploaded/Created by Uploaded/Created Rights
2017-IM-Network-Defence-Strategy-Evaluation-Simulation-vs.-Live-Network-paper.pdf Licence Creative Commons  File version Komárková, J. 10/5/2017

Properties

Address within IS
https://is.muni.cz/auth/publication/1379728/2017-IM-Network-Defence-Strategy-Evaluation-Simulation-vs.-Live-Network-paper.pdf
Address for the users outside IS
https://is.muni.cz/publication/1379728/2017-IM-Network-Defence-Strategy-Evaluation-Simulation-vs.-Live-Network-paper.pdf
Address within Manager
https://is.muni.cz/auth/publication/1379728/2017-IM-Network-Defence-Strategy-Evaluation-Simulation-vs.-Live-Network-paper.pdf?info
Address within Manager for the users outside IS
https://is.muni.cz/publication/1379728/2017-IM-Network-Defence-Strategy-Evaluation-Simulation-vs.-Live-Network-paper.pdf?info
Uploaded/Created
Wed 10/5/2017 12:54

Rights

Right to read
  • anyone on the Internet
  • a concrete person RNDr. Jana Komárková, Ph.D., učo 251365
  • a concrete person RNDr. Martin Husák, Ph.D., učo 256631
  • a concrete person RNDr. Martin Drašar, Ph.D., učo 98998
Right to upload
 
Right to administer:
  • a concrete person RNDr. Jana Komárková, Ph.D., učo 251365
  • a concrete person RNDr. Martin Husák, Ph.D., učo 256631
  • a concrete person RNDr. Martin Drašar, Ph.D., učo 98998
Attributes
 

2017-IM-Network-Defence-Strategy-Evaluation-Simulation-vs.-Live-Network-paper.pdf

Application
Open the file
Download file.
Address within IS
https://is.muni.cz/auth/publication/1379728/2017-IM-Network-Defence-Strategy-Evaluation-Simulation-vs.-Live-Network-paper.pdf
Address for the users outside IS
https://is.muni.cz/publication/1379728/2017-IM-Network-Defence-Strategy-Evaluation-Simulation-vs.-Live-Network-paper.pdf
File type
PDF (application/pdf)
Size
125,1 KB
Hash md5
20b1bc06f6acde85bc250e5a4d665252
Uploaded/Created
Thu 1/2/2018 10:15

paper.txt

Application
Open the file
Download file.
Address within IS
https://is.muni.cz/auth/publication/1379728/paper.txt
Address for the users outside IS
https://is.muni.cz/publication/1379728/paper.txt
File type
plain text (text/plain)
Size
41,7 KB
Hash md5
6837a2e51f38ed24d56921c1698fee80
Uploaded/Created
Wed 10/5/2017 12:57
2017-IM-Network-Defence-Strategy-Evaluation-Simulation-vs.-Live-Network-presentation.pdf Licence Creative Commons Komárková, J. 10/5/2017

Properties

Address within IS
https://is.muni.cz/auth/publication/1379728/2017-IM-Network-Defence-Strategy-Evaluation-Simulation-vs.-Live-Network-presentation.pdf
Address for the users outside IS
https://is.muni.cz/publication/1379728/2017-IM-Network-Defence-Strategy-Evaluation-Simulation-vs.-Live-Network-presentation.pdf
Address within Manager
https://is.muni.cz/auth/publication/1379728/2017-IM-Network-Defence-Strategy-Evaluation-Simulation-vs.-Live-Network-presentation.pdf?info
Address within Manager for the users outside IS
https://is.muni.cz/publication/1379728/2017-IM-Network-Defence-Strategy-Evaluation-Simulation-vs.-Live-Network-presentation.pdf?info
Uploaded/Created
Wed 10/5/2017 12:54

Rights

Right to read
  • anyone on the Internet
  • a concrete person RNDr. Jana Komárková, Ph.D., učo 251365
  • a concrete person RNDr. Martin Husák, Ph.D., učo 256631
  • a concrete person RNDr. Martin Drašar, Ph.D., učo 98998
Right to upload
 
Right to administer:
  • a concrete person RNDr. Jana Komárková, Ph.D., učo 251365
  • a concrete person RNDr. Martin Husák, Ph.D., učo 256631
  • a concrete person RNDr. Martin Drašar, Ph.D., učo 98998
Attributes
 

2017-IM-Network-Defence-Strategy-Evaluation-Simulation-vs.-Live-Network-presentation.pdf

Application
Open the file
Download file.
Address within IS
https://is.muni.cz/auth/publication/1379728/2017-IM-Network-Defence-Strategy-Evaluation-Simulation-vs.-Live-Network-presentation.pdf
Address for the users outside IS
https://is.muni.cz/publication/1379728/2017-IM-Network-Defence-Strategy-Evaluation-Simulation-vs.-Live-Network-presentation.pdf
File type
PDF (application/pdf)
Size
821,9 KB
Hash md5
bb156c4bb4b379b2f521d9a5f7ba611c
Uploaded/Created
Thu 1/2/2018 10:15

presentation.txt

Application
Open the file
Download file.
Address within IS
https://is.muni.cz/auth/publication/1379728/presentation.txt
Address for the users outside IS
https://is.muni.cz/publication/1379728/presentation.txt
File type
plain text (text/plain)
Size
4,9 KB
Hash md5
e6fe0b7cd2a8d500578c8e4960e49416
Uploaded/Created
Wed 10/5/2017 12:57
Print
Report a file uploaded without authorization. Displayed: 28/3/2024 10:57