40 research outputs found

    Framework For Modeling Attacker Capabilities with Deception

    Get PDF
    In this research we built a custom experimental range using opensource emulated and custom pure honeypots designed to detect or capture attacker activity. The focus is to test the effectiveness of a deception in its ability to evade detection coupled with attacker skill levels. The range consists of three zones accessible via virtual private networking. The first zone houses varying configurations of opensource emulated honeypots, custom built pure honeypots, and real SSH servers. The second zone acts as a point of presence for attackers. The third zone is for administration and monitoring. Using the range, both a control and participant-based experiment were conducted. We conducted control experiments to baseline and empirically explore honeypot detectability amongst other systems through adversarial testing. We executed a series of tests such as network service sweep, enumeration scanning, and finally manual execution. We also selected participants to serve as cyber attackers against the experiment range of varying skills having unique tactics, techniques and procedures in attempting to detect the honeypots. We have concluded the experiments and performed data analysis. We measure the anticipated threat by presenting the Attacker Bias Perception Profile model. Using this model, each participant is ranked based on their overall threat classification and impact. This model is applied to the results of the participants which helps align the threat to likelihood and impact of a honeypot being detected. The results indicate the pure honeypots are significantly difficult to detect. Emulated honeypots are grouped in different categories based on the detection and skills of the attackers. We developed a framework abstracting the deceptive process, the interaction with system elements, the use of intelligence, and the relationship with attackers. The framework is illustrated by our experiment case studies and the attacker actions, the effects on the system, and impact to the success

    Modeling Deception for Cyber Security

    Get PDF
    In the era of software-intensive, smart and connected systems, the growing power and so- phistication of cyber attacks poses increasing challenges to software security. The reactive posture of traditional security mechanisms, such as anti-virus and intrusion detection systems, has not been sufficient to combat a wide range of advanced persistent threats that currently jeopardize systems operation. To mitigate these extant threats, more ac- tive defensive approaches are necessary. Such approaches rely on the concept of actively hindering and deceiving attackers. Deceptive techniques allow for additional defense by thwarting attackers’ advances through the manipulation of their perceptions. Manipu- lation is achieved through the use of deceitful responses, feints, misdirection, and other falsehoods in a system. Of course, such deception mechanisms may result in side-effects that must be handled. Current methods for planning deception chiefly portray attempts to bridge military deception to cyber deception, providing only high-level instructions that largely ignore deception as part of the software security development life cycle. Con- sequently, little practical guidance is provided on how to engineering deception-based techniques for defense. This PhD thesis contributes with a systematic approach to specify and design cyber deception requirements, tactics, and strategies. This deception approach consists of (i) a multi-paradigm modeling for representing deception requirements, tac- tics, and strategies, (ii) a reference architecture to support the integration of deception strategies into system operation, and (iii) a method to guide engineers in deception mod- eling. A tool prototype, a case study, and an experimental evaluation show encouraging results for the application of the approach in practice. Finally, a conceptual coverage map- ping was developed to assess the expressivity of the deception modeling language created.Na era digital o crescente poder e sofisticação dos ataques cibernéticos apresenta constan- tes desafios para a segurança do software. A postura reativa dos mecanismos tradicionais de segurança, como os sistemas antivírus e de detecção de intrusão, não têm sido suficien- tes para combater a ampla gama de ameaças que comprometem a operação dos sistemas de software actuais. Para mitigar estas ameaças são necessárias abordagens ativas de defesa. Tais abordagens baseiam-se na ideia de adicionar mecanismos para enganar os adversários (do inglês deception). As técnicas de enganação (em português, "ato ou efeito de enganar, de induzir em erro; artimanha usada para iludir") contribuem para a defesa frustrando o avanço dos atacantes por manipulação das suas perceções. A manipula- ção é conseguida através de respostas enganadoras, de "fintas", ou indicações erróneas e outras falsidades adicionadas intencionalmente num sistema. É claro que esses meca- nismos de enganação podem resultar em efeitos colaterais que devem ser tratados. Os métodos atuais usados para enganar um atacante inspiram-se fundamentalmente nas técnicas da área militar, fornecendo apenas instruções de alto nível que ignoram, em grande parte, a enganação como parte do ciclo de vida do desenvolvimento de software seguro. Consequentemente, há poucas referências práticas em como gerar técnicas de defesa baseadas em enganação. Esta tese de doutoramento contribui com uma aborda- gem sistemática para especificar e desenhar requisitos, táticas e estratégias de enganação cibernéticas. Esta abordagem é composta por (i) uma modelação multi-paradigma para re- presentar requisitos, táticas e estratégias de enganação, (ii) uma arquitetura de referência para apoiar a integração de estratégias de enganação na operação dum sistema, e (iii) um método para orientar os engenheiros na modelação de enganação. Uma ferramenta protó- tipo, um estudo de caso e uma avaliação experimental mostram resultados encorajadores para a aplicação da abordagem na prática. Finalmente, a expressividade da linguagem de modelação de enganação é avaliada por um mapeamento de cobertura de conceitos

    Mathematical analysis of deception.

    Full text link

    Computer Deception : Back to Basics

    Get PDF
    In today's modern society, the increasing demands for connectivity and accessibility place computers in ever larger internetworks. As more and more computers become globally accessible, the number of threats from random and targeted attacks rise rapidly. To counter known and unknown threats, various technologies and concepts are employed as defensive measures. One concept that is in rising popularity is computer deception, the subject of this thesis. The field of computer deception is characterized by fragmentation and is lacking unified definitions and methods. This thesis has reviewed five deception paradigms, in order to build a descriptive theory that is used for understanding the concept of computer deception. The border between human deception and computer deception is investigated. The thesis concludes that computer deception for defense rarely can be seen as a field unrelated to human deception. When attacker tools are targeted for deception, they are only intermediary steps on the way to a human attacker. This makes the core issues of computer deception a matter of psychology, not technology. Computer specialists without knowledge of psychology do not have the expertise necessary for estimating the consequences of deceptions on human attackers

    Advanced Topics in Systems Safety and Security

    Get PDF
    This book presents valuable research results in the challenging field of systems (cyber)security. It is a reprint of the Information (MDPI, Basel) - Special Issue (SI) on Advanced Topics in Systems Safety and Security. The competitive review process of MDPI journals guarantees the quality of the presented concepts and results. The SI comprises high-quality papers focused on cutting-edge research topics in cybersecurity of computer networks and industrial control systems. The contributions presented in this book are mainly the extended versions of selected papers presented at the 7th and the 8th editions of the International Workshop on Systems Safety and Security—IWSSS. These two editions took place in Romania in 2019 and respectively in 2020. In addition to the selected papers from IWSSS, the special issue includes other valuable and relevant contributions. The papers included in this reprint discuss various subjects ranging from cyberattack or criminal activities detection, evaluation of the attacker skills, modeling of the cyber-attacks, and mobile application security evaluation. Given this diversity of topics and the scientific level of papers, we consider this book a valuable reference for researchers in the security and safety of systems

    Cyber Security Concerns in Social Networking Service

    Get PDF
    Today’s world is unimaginable without online social networks. Nowadays, millions of people connect with their friends and families by sharing their personal information with the help of different forms of social media. Sometimes, individuals face different types of issues while maintaining the multimedia contents like, audios, videos, photos because it is difficult to maintain the security and privacy of these multimedia contents uploaded on a daily basis. In fact, sometimes personal or sensitive information could get viral if that leaks out even unintentionally. Any leaked out content can be shared and made a topic of popular talk all over the world within few seconds with the help of the social networking sites. In the setting of Internet of Things (IoT) that would connect millions of devices, such contents could be shared from anywhere anytime. Considering such a setting, in this work, we investigate the key security and privacy concerns faced by individuals who use different social networking sites differently for different reasons. We also discuss the current state-of-the-art defense mechanisms that can bring somewhat long-term solutions to tackling these threats

    A Survey of Social Network Forensics

    Get PDF
    Social networks in any form, specifically online social networks (OSNs), are becoming a part of our everyday life in this new millennium especially with the advanced and simple communication technologies through easily accessible devices such as smartphones and tablets. The data generated through the use of these technologies need to be analyzed for forensic purposes when criminal and terrorist activities are involved. In order to deal with the forensic implications of social networks, current research on both digital forensics and social networks need to be incorporated and understood. This will help digital forensics investigators to predict, detect and even prevent any criminal activities in different forms. It will also help researchers to develop new models / techniques in the future. This paper provides literature review of the social network forensics methods, models, and techniques in order to provide an overview to the researchers for their future works as well as the law enforcement investigators for their investigations when crimes are committed in the cyber space. It also provides awareness and defense methods for OSN users in order to protect them against to social attacks

    A Strategic Decision for Information Security

    Get PDF
    A utilização de recursos informáticos é a estratégia mais comum à maioria das organizações para gerirem os seus ativos e propriedade intelectual. Esta decisão estratégica implica a sua exposição ao exterior através de canais de comunicação (infraestrutura de dados). McDermott e Redish (1999), descrevem a terceira lei de Newton como o princípio da ação - reação, as organizações ao exporem a sua infraestrutura ao exterior despoletaram, como reação, estranhos quererem aceder à sua infraestrutura para diversos fins, seja como puro divertimento, detetarem fragilidades ou, mais relevante para este trabalho, roubarem ativos/propriedade intelectual e criarem uma disrupção no serviços. As organizações sentem necessidade de se protegerem contra estes estranhos/ataques ao implementarem estratégias de segurança, mas a realidade é que as linhas de defesa da rede são permeáveis e as arquiteturas de segurança não são suficientemente dinâmicas para travar as ameaças existentes. Uma estratégia de segurança informática baseada na tecnologia “Deception” poderá permitir de uma forma rápida detetar, analisar e defender as redes organizacionais contra-ataquesem tempo real. Esta tecnologia “Deception” poderá oferecer informações precisas sobre “malware” e atividades maliciosas não detetadas por outros tipos de defesa cibernética. Este trabalho pretende explorar esta estratégia recente baseada em “Deception”, que pretende ser diferenciadora face à panóplia de dispositivos/software de segurança informática existentes. Como resultados, pretende-se elaborar uma análise onde as organizações possam perceber a tecnologia “Deception” nas suas vertentes da eficácia, eficiência e o seu valor estratégico para que, eventualmente, a possam utilizar para suportar/adicionar valor a uma decisão de estratégia de segurança informática.The use of Information Technology (IT) resources are the common approach for most organizations so they assets and intellectual property are properly managed. This strategic decision implies its exposure to the outside world through the data infrastructure. McDermott and Redish (1999), described the third Newton’s law as the principle of action- reaction, when organizations expose their infrastructure to the outside world and, as a response, strangers want to access their infrastructure for various purposes, either as pure fun, detect weaknesses or, more relevant for this work, steal assets/intellectual property. Organizations feel the need to protect themselves against these strangers/attacks by implementing security strategies, but truly, the network's first defense lines are permeable, and the security architectures are not dynamic enough to face existing or future threats. A Deception-based technology could enable the organizations to quickly detect, analyze and defend organizational networks against real-time attacks. Deception technology may provide accurate information on malware and malicious activity not detected by other types of cyber defense. This work intends to explore a new technology, Deception, that claims a differentiation when compared with the range of existing information security suite. The types of cyber-threats and their materialization could be relevant to the information technology and risk analysis. Thus, the intent is to elaborate an analysis where organizations can understand the Deception technology, his effectiveness, and strategic value so they can, eventually, use it to support/add value to a decision regarding information security strategy

    Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses

    Get PDF
    As the convergence between our physical and digital worlds continue at a rapid pace, securing our digital information is vital to our prosperity. Most current typical computer systems are unwittingly helpful to attackers through their predictable responses. In everyday security, deception plays a prominent role in our lives and digital security is no different. The use of deception has been a cornerstone technique in many successful computer breaches. Phishing, social engineering, and drive-by-downloads are some prime examples. The work in this dissertation is structured to enhance the security of computer systems by using means of deception and deceit

    Cyber Security of Critical Infrastructures

    Get PDF
    Critical infrastructures are vital assets for public safety, economic welfare, and the national security of countries. The vulnerabilities of critical infrastructures have increased with the widespread use of information technologies. As Critical National Infrastructures are becoming more vulnerable to cyber-attacks, their protection becomes a significant issue for organizations as well as nations. The risks to continued operations, from failing to upgrade aging infrastructure or not meeting mandated regulatory regimes, are considered highly significant, given the demonstrable impact of such circumstances. Due to the rapid increase of sophisticated cyber threats targeting critical infrastructures with significant destructive effects, the cybersecurity of critical infrastructures has become an agenda item for academics, practitioners, and policy makers. A holistic view which covers technical, policy, human, and behavioural aspects is essential to handle cyber security of critical infrastructures effectively. Moreover, the ability to attribute crimes to criminals is a vital element of avoiding impunity in cyberspace. In this book, both research and practical aspects of cyber security considerations in critical infrastructures are presented. Aligned with the interdisciplinary nature of cyber security, authors from academia, government, and industry have contributed 13 chapters. The issues that are discussed and analysed include cybersecurity training, maturity assessment frameworks, malware analysis techniques, ransomware attacks, security solutions for industrial control systems, and privacy preservation methods
    corecore