230 research outputs found
Optimal Timing in Dynamic and Robust Attacker Engagement During Advanced Persistent Threats
Advanced persistent threats (APTs) are stealthy attacks which make use of
social engineering and deception to give adversaries insider access to
networked systems. Against APTs, active defense technologies aim to create and
exploit information asymmetry for defenders. In this paper, we study a scenario
in which a powerful defender uses honeynets for active defense in order to
observe an attacker who has penetrated the network. Rather than immediately
eject the attacker, the defender may elect to gather information. We introduce
an undiscounted, infinite-horizon Markov decision process on a continuous state
space in order to model the defender's problem. We find a threshold of
information that the defender should gather about the attacker before ejecting
him. Then we study the robustness of this policy using a Stackelberg game.
Finally, we simulate the policy for a conceptual network. Our results provide a
quantitative foundation for studying optimal timing for attacker engagement in
network defense.Comment: Submitted to the 2019 Intl. Symp. Modeling and Optimization in
Mobile, Ad Hoc, and Wireless Nets. (WiOpt
Concealing Cyber-Decoys using Two-Sided Feature Deception Games
An increasingly important tool for securing computer networks is the use of deceptive decoy objects (e.g., fake hosts, accounts, or files) to detect, confuse, and distract attackers. One of the well-known challenges in using decoys is that it can be difficult to design effective decoys that are hard to distinguish from real objects, especially against sophisticated attackers who may be aware of the use of decoys. A key issue is that both real and decoy objects may have observable features that may give the attacker the ability to distinguish one from the other. However, a defender deploying decoys may be able to modify some features of either the real or decoy objects (at some cost) making the decoys more effective. We present a game-theoretic model of two-sided deception that models this scenario. We present an empirical analysis of this model to show strategies for effectively concealing decoys, as well as some limitations of decoys for cyber security
Honeypot Allocation for Cyber Deception in Dynamic Tactical Networks: A Game Theoretic Approach
Honeypots play a crucial role in implementing various cyber deception
techniques as they possess the capability to divert attackers away from
valuable assets. Careful strategic placement of honeypots in networks should
consider not only network aspects but also attackers' preferences. The
allocation of honeypots in tactical networks under network mobility is of great
interest. To achieve this objective, we present a game-theoretic approach that
generates optimal honeypot allocation strategies within an attack/defense
scenario. Our proposed approach takes into consideration the changes in network
connectivity. In particular, we introduce a two-player dynamic game model that
explicitly incorporates the future state evolution resulting from changes in
network connectivity. The defender's objective is twofold: to maximize the
likelihood of the attacker hitting a honeypot and to minimize the cost
associated with deception and reconfiguration due to changes in network
topology. We present an iterative algorithm to find Nash equilibrium strategies
and analyze the scalability of the algorithm. Finally, we validate our approach
and present numerical results based on simulations, demonstrating that our game
model successfully enhances network security. Additionally, we have proposed
additional enhancements to improve the scalability of the proposed approach.Comment: This paper accepted in 14th International Conference on Decision and
Game Theory for Security, GameSec 202
Support Vector Machine IDS Rule Extraction Mechanism from Honeypot Data
As awareness is increasing rapidly, more upto date aggressions are appearing. Security is a key to protection above all these problems. In this work, we will make a real existence scenario, employing honeypots. Honeypot is a well projected arrangement that entices hackers into it. By baiting the hacker into the arrangement, it is probable to monitor the procedures that are commenced and running on the arrangement by hacker. In supplementary words, honeypot is a mislead contraption that looks like a real arrangement in order to appeal the attacker. The target of the honeypot is analyzing, understanding, discerning and pursuing hacker’s behaviors in order to craft extra safeguard systems. Honeypot is outstanding method to enhance web protection administrators’ vision and discover how to become data from a victim arrangement employing forensic tools. Honeypot is additionally extremely functional for upcoming menaces to retain trail of new knowledge aggressions
Design of Dynamic and Personalized Deception: A Research Framework and New Insights
Deceptive defense techniques (e.g., intrusion detection, firewalls, honeypots, honeynets) are commonly used to prevent cyberattacks. However, most current defense techniques are generic and static, and are often learned and exploited by attackers. It is important to advance from static to dynamic forms of defense that can actively adapt a defense strategy according to the actions taken by individual attackers during an active attack. Our novel research approach relies on cognitive models and experimental games: Cognitive models aim at replicating an attacker’s behavior allowing the creation of personalized, dynamic deceptive defense strategies; experimental games help study human actions, calibrate cognitive models, and validate deceptive strategies. In this paper we offer the following contributions: (i) a general research framework for the design of dynamic, adaptive and personalized deception strategies for cyberdefense; (ii) a summary of major insights from experiments and cognitive models developed for security games of increased complexity; and (iii) a taxonomy of potential deception strategies derived from our research program so far
Three Decades of Deception Techniques in Active Cyber Defense -- Retrospect and Outlook
Deception techniques have been widely seen as a game changer in cyber
defense. In this paper, we review representative techniques in honeypots,
honeytokens, and moving target defense, spanning from the late 1980s to the
year 2021. Techniques from these three domains complement with each other and
may be leveraged to build a holistic deception based defense. However, to the
best of our knowledge, there has not been a work that provides a systematic
retrospect of these three domains all together and investigates their
integrated usage for orchestrated deceptions. Our paper aims to fill this gap.
By utilizing a tailored cyber kill chain model which can reflect the current
threat landscape and a four-layer deception stack, a two-dimensional taxonomy
is developed, based on which the deception techniques are classified. The
taxonomy literally answers which phases of a cyber attack campaign the
techniques can disrupt and which layers of the deception stack they belong to.
Cyber defenders may use the taxonomy as a reference to design an organized and
comprehensive deception plan, or to prioritize deception efforts for a budget
conscious solution. We also discuss two important points for achieving active
and resilient cyber defense, namely deception in depth and deception lifecycle,
where several notable proposals are illustrated. Finally, some outlooks on
future research directions are presented, including dynamic integration of
different deception techniques, quantified deception effects and deception
operation cost, hardware-supported deception techniques, as well as techniques
developed based on better understanding of the human element.Comment: 19 page
- …