Attack graph obfuscation

Hadar Polad, Rami Puzis, Bracha Shapira

Cyber Security Cryptography and Machine Learning: First International …, 2017

Before executing an attack, adversaries usually explore the victim’s network in an attempt to infer the network topology and identify vulnerabilities in the victim’s servers and personal computers. In this research, we examine the effects of adding fake vulnerabilities to a real enterprise network to verify the hypothesis that the addition of such vulnerabilities will serve to divert the attacker and cause the adversary to perform additional activities while attempting to achieve its objectives. We use the attack graph to model the problem of an attacker making its way towards the target in a given network. Our results show that adding fake vulnerabilities forces the adversary to invest a significant amount of effort, in terms of time, exploitability cost, and the number of attack footprints within the network during the attack.