Int J Performability Eng, 2020, Vol. 16, Issue (11): 1762-1770. doi: 10.23940/ijpe.20.11.p8.17621770


Scheduling and Deploying Distributed Sandboxes for Cyber-Attack Detection

Lian Yu^a,*, Lijun Liu^b, Cong Tan^a, Bei Zhao^b and Chen Zhang^b

  a. School of Software and Microelectronics, Peking University, Beijing, 100871, China;
  b. Institute of Research and Development, Mobile China, Beijing, 100080, China
  • Contact: *E-mail address: lianyu@ss.pku.edu.cn

Abstract: This paper proposes a process for deploying a cluster of distributed sandboxes to trace, track and attribute possible threats and attacks. The deployed sandboxes detect suspicious threats collaboratively and publish the results as transactions to a directed acyclic graph (DAG). In exchange for publishing, each sandbox must verify transactions already in the DAG, checking both their signatures and the threats/attacks they report. A set of policies is designed to maintain the effectiveness, efficiency and fairness of the DAG. Based on the data in the DAG, association analysis is performed to produce threat intelligence that informs the deployment decision for the next round. To reduce deployment cost, a stochastic programming formulation is developed that takes uncertainty into consideration. Preliminary experiments are carried out to evaluate the feasibility of the proposed approach.

Key words: distributed sandboxes, attack detection, attack attribution, scheduling, DAG data structure