Conference: IEEE Conference on Communications and Network Security

Effectiveness of proactive reset for mitigating impact of stealthy attacks on networks of autonomous systems


Abstract

Recent examples have shown that sophisticated cyber attackers are capable of infiltrating the cyber defenses of major organizations and spreading stealthily through a network, potentially doing significant damage before exploited vulnerabilities can be identified or patches developed. Autonomous systems are particularly vulnerable because they are further removed from human intervention. One emerging technology designed to address this problem is proactive reset, where systems automatically undergo a reset operation that restores them to a known malware-free state, regardless of whether or not they were already infected. More frequent resets result in higher security, but may also reduce functionality of the network. In this work, we consider the effectiveness of three proactive reset policies for mitigating the spread of stealthy malware through a network of autonomous systems. We perform experiments using agent-based simulation and find that a proactive policy that uses risk-flow analysis to determine when systems should be reset achieves performance comparable to that of a perfect detector.
