Coordinated defense internet game

Karel Durkota - Sebastián García

defense problems

• Current defense strategies are good but not good enough.

• Mostly use reputation for defending.

• Most protections are human-assisted.

• No deception. Low attack costs create confident attackers.

• Most organizations lack visibility, knowledge and alerts.

goal

To improve the defense strategy of each organization by gathering information from all organizations and COORDINATING a global protection.

Proposed approach

• Defense strategies will be computed using game theory and machine learning detection.

  • Stratosphere will provide the detection and centralization of data.

  • HoneyMaze will provide the game theory experience to compute a better defense strategy.

Proposed approach

• Use flows.

  • No privacy concerns.

• blocking/unblocking of ips and ports.

• redirect to Honeypots as a deception technique.

  • Randomized strategies.

  • Fake data.

  • Increased attack duration.

cz.nic: first inspirational client

• Group of Organizations in charge of .cz domain.

• Project Turris:

  • +2,000 routers distributed in Czech Republic.

  • Includes honeypots and firewall control.

  • Open mind about sharing traffic statistics.

• Already officially collaborating with us.

milestones

• Continue the research supporting this project.

• Implement the service on the cloud.

• Run a pilot prototype with CZ.NIC.

• Provide this service to other organizations.