General information:
- Duration: 5-6 months, stipend of around 600 euros.
- The intern will work at the Computer Science Lab, University of Avignon, in Avignon, France. It is possible to negotiate about some teleworking periods.
- This project will be followed by a 3 years PhD program.
- Starting date: February/March 2024.
Context: Cyber deception is a defense strategy, complementary to conventional approaches, used to enhance the security posture of a system. The basic idea of this technique is to deliberately conceal and/or falsify a part of such system by deploying and managing decoys (e.g., “honeypots”, “honeynets”, etc.), i.e., applications, data, network elements and protocols that appear to malicious actors as a legitimate part of the system, and to which their attacks are misdirected. The advantage of an effective cyber deception strategy is twofold: on one hand, it depletes attackers’ resources while allowing system security tools to take necessary countermeasures; on the other hand, it provides valuable insights on attackers’ tactics and techniques, which can be used to improve system’s resilience to future attacks and upgrade security policies accordingly. Although cyber-deception has been successfully applied in some scenarios, existing deception approaches lack the flexibility to be seamlessly operated in highly distributed and resource-constrained environments. Indeed, if virtualization and cloud-native design approaches paved the way for ubiquitous deployment of applications, they widened the attack surface that malicious actors might exploit. In such a scenario, it is practically unfeasible to try to deploy decoys for each and every system’s service or application without dramatically depleting resources, especially in edge scenarios, where these are scarcely available. This calls for a novel approach to cyber deception combining security, networking, cloud and AI technologies, that takes the tradeoff between security and efficiency into account and makes deception strategies more effective in cloud-to-edge environments.
Project description: Considering a service proposed to end-users as a set of micro-services interconnected, malicious agents can discover each micro-service one by one (like a random walk in a directed graph). A first approach will be to model a service as an oriented graph, in which each node represents a micro-service. Deception mechanisms will be defined as creating sub-graphs (set of virtual services) in order to deceive the malicious agent. But creating such virtual environments are costly for the system, and these resources are limited. Therefore, a natural question arises: How and when to create such virtual deception services when a malicious attack is discovered in a micro-service node? Then the overall topology of the service will be modelled as a dynamic graph and its structure will evolve depending on the states/actions of the decision makers (attacker and defender) as well as the dynamic process.
The goal of this intern position is to start to answer this question by modeling and simulating this scenario. Indeed, following steps will be considered:
- Simple static model will be built such that the problem can be written as a static optimization problem (i.e. the decision is based at the building of the system once and for all). This first step can be based on the analysis of random walks on dynamic graphs.
- Advanced dynamic models can be considered in a second step, in which the deception strategy is determined depending on the localization and/or time of the cyberattack in the micro-service chain. This second step will be based on Markov Decision Theory, which gives important tools in stochastic optimization and AI.
- A game theoretic model can be then proposed when the attacker is also strategic. A stochastic game framework can be studied in this context as in [3].
- Simulations based on a discrete event framework can serve to validate properties of deception strategies and to evaluate their performances.
The candidate should have a scientific profile with very good skills in mathematics (optimization, probability) and some skills in computer programming.
Contact:
- Francesco DE PELLEGRINI, francesco.de-pellegrini@univ-avignon.fr
- Yezekael HAYEL, yezekael.hayel@univ-avignon.fr
URL: https://drive.google.com/file/d/16hS4D9DQvODSLSfNHb9Wh9SpVpbZ0_eE/view