Skip to content
/ WebAppMTD Public

Contains Code for the Papers "Moving Target Defense under Uncertainty for Web Applications" and "Learning Effective Strategies for Moving Target Defense with Switching Costs" written by Vignesh Viswanathan, Megha Bose and Praveen Paruchuri.

arxiv.org/pdf/2301.09892v1.pdf
5 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Megha-Bose/WebAppMTD

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

57 Commits
Analysis
Analysis
 
 
Data
Data
 
 
Data_Gen
Data_Gen
 
 
Expts
Expts
 
 
Graphs
Graphs
 
 
.DS_Store
.DS_Store
 
 
README.md
README.md
 
 

Repository files navigation

Moving Target Defense under Uncertainty

The data and code are present in five main directories:

  1. Data: Contains the given and generated datasets. The files in the input subdirectory are sent as input to the algorithms in Expts directory and their output is sent to the output subdirectory.

    • This folder contains input datasets for both general sum and zero sum cases. Each dataset consists of vulnerability lists for each configuration, switching costs, reward values for both the attacker and defender and complete list of possible system vulnerabilities in the concerned system of the dataset. The input files go as [dataset number](attacks.txt, switching.txt, utilities.txt, vulnerabilities.txt).

    • In the output files, the [dataset number]output_[attacker strategy] file stores the utilities in each timestep while [dataset number]overall_out_[attacker strategy] stores the average switches, runtime and utilities per iteration.

    • General sum game datasets and zero sum game cases are separated in different directories.

  2. Data_Gen: Creates the text files. It contains the following files:

    • BSSG_input.txt: Data from Sengupta's github library for the small NVD dataset.

    • data_generator.py: Generates random datasets. To run, python3 data_generator.py n1 n2 generates input files in Data/input/ for datasets n1 to n2
      0 should be added as third argument if the command is run for zero sum game datasets

    • nvd_data_gen.py: Generates NVD-based datasets.

      Make a directory named nvd_data and add data of required years from NIST NVD data feed.

      To run, python3 nvd_data_gen.py n1 n2 y1 y2 generates input files in Data/input/ for datasets n1 to n2 using vulnerabilities from NVD database from year y1 to year y2

    • parser.py: Parses data from Sengupta's library and makes it dataset 0 inside Data/input/general_sum/ directory

  3. Expts: Contains the main code that uses different attacker strategies to generate output.

    • Run them like python3 attacker_[attacker_strategy].py n1 n2 to generate output files for datasets n1 to n2 using corresponding attacker strategy. 0 should be added as third argument if the command is run for zero sum game datasets.

    • Run compare_[attacker strategy].py n1 n2 to generate switches, runtime and utility graphs inside graphs directory in the corresponding output directory for datasets n1 to n2 for an attacker strategy. 0 should be added as third argument if the command is run for zero sum game datasets

  4. Analysis: Contains python notebooks to generate graphs for detection of critical vulnerabilities and graphs based on the output of the experiments.

  5. Graphs: Contains all the graphs generated.

About

Contains Code for the Papers "Moving Target Defense under Uncertainty for Web Applications" and "Learning Effective Strategies for Moving Target Defense with Switching Costs" written by Vignesh Viswanathan, Megha Bose and Praveen Paruchuri.

arxiv.org/pdf/2301.09892v1.pdf

Topics

cybersecurity multi-armed-bandits moving-target-defense

Resources

Readme
Activity

Stars

5 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages