Abstract
Securely configured Internet Protocol version 6 networks can be made resistant to network scanning, forcing attackers to propagate following existing benign communication paths. We exploit this attacker limitation in a defensive approach in which heightened security measures are deployed onto a select group of chokepoint hosts to enhance detection or deter penetration. Chokepoints are chosen such that, together, they connect small isolated clusters of the communication graph. Hence, attackers attempting to propagate are limited to a small set of targets or have to penetrate one or more chokepoints. Optimal placement of chokepoints requires solving an NP-hard problem and, hence, we approximate optimal solutions via a suite of heuristics. We test our algorithms on data from a large operational network and discover that heightened security measures are only needed on 0.65 % of the nodes to restrict unimpeded attacker propagation to no more than 15 % of the network.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
