With the recent development of cyber-crime and cyber-warefare, new techniques for thwarting cyber attackers are required. Deception is the a mechanism that at- tempts to distort or misled an adversary. It is a proven tactic leveraged in traditional warfare with a long history of noted successes. While deception has seen great success in traditional warfare, it has seen little use within the cyber security realm. Further- more, there is very little demonstrated modeling of such defenses in terms of attackers success. This thesis establishes a novel urn-modeling technique for providing the probability of success for an attacker in two different network deception defenses, network address shuffling and honeypots. This work goes on to analyze these models in two scenarios, gaining a foothold and minimum to win, providing insight into the effect both defenses can have under various environments. Finally, this thesis performs an empirical analysis of network address shuffling to provide a cost-benefit analysis regarding attack success and the effect on legitimate network users.
展开▼
