28 research outputs found

    Three Decades of Deception Techniques in Active Cyber Defense -- Retrospect and Outlook

    Full text link
    Deception techniques have been widely seen as a game changer in cyber defense. In this paper, we review representative techniques in honeypots, honeytokens, and moving target defense, spanning from the late 1980s to the year 2021. Techniques from these three domains complement with each other and may be leveraged to build a holistic deception based defense. However, to the best of our knowledge, there has not been a work that provides a systematic retrospect of these three domains all together and investigates their integrated usage for orchestrated deceptions. Our paper aims to fill this gap. By utilizing a tailored cyber kill chain model which can reflect the current threat landscape and a four-layer deception stack, a two-dimensional taxonomy is developed, based on which the deception techniques are classified. The taxonomy literally answers which phases of a cyber attack campaign the techniques can disrupt and which layers of the deception stack they belong to. Cyber defenders may use the taxonomy as a reference to design an organized and comprehensive deception plan, or to prioritize deception efforts for a budget conscious solution. We also discuss two important points for achieving active and resilient cyber defense, namely deception in depth and deception lifecycle, where several notable proposals are illustrated. Finally, some outlooks on future research directions are presented, including dynamic integration of different deception techniques, quantified deception effects and deception operation cost, hardware-supported deception techniques, as well as techniques developed based on better understanding of the human element.Comment: 19 page

    Burnable Pseudo-Identity: A Non-Binding Anonymous Identity Method for Ethereum

    Get PDF
    The concept of identity has become one common research topic in security and privacy where the real identity of users must be preserved, usually covered by pseudonym identifiers. With the rise of Blockchain-based systems, identities are becoming even more critical than before, mainly due to the immutability property. In fact, many publicly accessible Blockchain networks like Ethereum rely on pseudonymization as a method for identifying subject actions. Pseudonyms are often employed to maintain anonymity, but true anonymity requires unlinkability. Without this property, any attacker can examine the messages sent by a specific pseudonym and learn new information about the holder of this pseudonym. This use of Blockchain collides with regulations because of the right to be forgotten, and Blockchain-based solutions are ensuring that every data stored within the chain will not be modified. In this paper we define a method and a tool for dealing with digital identities within Blockchain environments that are compliant with regulations. The proposed method provides a way to grant digital pseudo identities unlinked to the real identity. This new method uses the benefits of key derivation systems to ensure a non-binding interaction between users and the information model associated with their identity. The proposed method is demonstated in the Ethereum context and illustrated with a case study.PoSeID-on is a project funded by the European Commission. This project has received funding from the European Union’s Horizon 2020 program under Grant Agreement n◦ 786713

    Bait and Snitch: Defending Computer Systems with Decoys

    Get PDF
    Threats against computer networks continue to multiply, but existing security solutions are persistently unable to keep pace with these challenges. In this paper we present a new paradigm for securing computational resources which we call decoy technology. This technique involves seeding a system with data that appears authentic but is in fact spurious. Attacks can then be detected by monitoring this phony information for access events. Decoys are capable of detecting malicious activity, such as insider and masquerade attacks, that are beyond the scope of traditional security measures. They can be used to address confidentiality breaches either proactively or after they have taken place. This work examines the challenges that must be overcome in order to successfully deploy decoys as part of a comprehensive security solution. It discusses situations where decoys are particularly useful as well as characteristics that effective decoy material should share. Furthermore, we describe the tools that we have developed to efficiently craft and distribute decoys in order to form a network of sensors that is capable of detecting adversarial action that occurs anywhere in an organizations system

    Identifying and Preventing Insider Threats

    Get PDF
    Insider threats, or attacks against a company from within, are a pressing issue both domestically and internationally. Frequencies of these threats increase each year adding to the overall importance of further research analysis. In fact, many case studies have been conducted which state that these employees who participate in insider attacks tend to exhibit certain personality and characteristic traits, as well as certain observable behaviors, that would indicate to other employees that an attack is imminent. It is hypothesized that companies will be able to take a more preventative stance of security as opposed to a reactive stance by identifying these characteristics and behaviors, as well as the motivations that drive them. In order to accomplish this task, companies must implement multiple layers of technological means of security, as well as take a more hands-on, holistic approach with company-wide involvement

    Design requirements for generating deceptive content to protect document repositories

    Get PDF
    For nearly 30 years, fake digital documents have been used to identify external intruders and malicious insider threats. Unfortunately, while fake files hold potential to assist in data theft detection, there is little evidence of their application outside of niche organisations and academic institutions. The barrier to wider adoption appears to be the difficulty in constructing deceptive content. The current generation of solutions principally: (1) use unrealistic random data; (2) output heavily formatted or specialised content, that is difficult to apply to other environments; (3) require users to manually build the content, which is not scalable, or (4) employ an existing production file, which creates a protection paradox. This paper introduces a set of requirements for generating automated fake file content: (1) enticing, (2) realistic, (3) minimise disruption, (4) adaptive, (5) scalable protective coverage, (6) minimise sensitive artefacts and copyright infringement, and (7) contain no distinguishable characteristics. These requirements have been drawn from literature on natural science, magical performances, human deceit, military operations, intrusion detection and previous fake file solutions. These requirements guide the design of an automated fake file content construction system, providing an opportunity for the next generation of solutions to find greater commercial application and widespread adoption

    An Empirical Analysis of Cyber Deception Systems

    Get PDF
    corecore