Cyber Deception

Achleitner, Stefan; Porta, Thomas La; McDaniel, Patrick; Sugrim, Shridatt; Krishnamurthy, Srikanth V.; Chadha, Ritu

doi:10.1145/2995959.2995962

Cited by 53 publications

(16 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [101], an SDN-based system is proposed, capable of deceiving reconnaissance attacks by providing every host within the network with different views. The proposed system is capable of performing address translation, path mutation, moving vulnerable hosts, and placing honeypots, as well as detecting malicious traffic flows.…”

Section: Architectures Utilizing Multiple Mtd Methodsmentioning

confidence: 99%

“…Out of the architectures utilizing SDN, by far the most popular choice to implement them was by using Mininet [124], although the choice of SDN controllers varied greatly. Among the most popular controllers used throughout the surveyed literature were POX [125], used by [94,101,109,112] and Ryu [59] used in [72,74,79,84]. Other choices of controllers include ONOS [55], which appeared in [73,86,120].…”

Section: Testbedsmentioning

confidence: 99%

“…The paper [108] stated that insider threats are not a problem if a defender launches the MTD architecture out of TCB, which would prevent administrator-level attacks and that user-level attacks are not a threat to the system. The article [101] protects against internal attacks located in an unknown node in the network, as long as SDN controllers are not compromised. In [115], internal threats are defined as attackers, which were able to uncover some of the secret proxies by compromising legitimate clients.…”

Section: Threat Modelmentioning

confidence: 99%

See 2 more Smart Citations

A Survey on Moving Target Defense for Networks: A Practical View

2022

View full text Add to dashboard Cite

The static nature of many of currently used network systems has multiple practical benefits, including cost optimization and ease of deployment, but it makes them vulnerable to attackers who can observe from the shadows to gain insight before launching a devastating attack against the infrastructure. Moving target defense (MTD) is one of the emerging areas that promises to protect against this kind of attack by continuously shifting system parameters and changing the attack surface of protected systems. The emergence of network functions virtualization (NFV) and software-defined networking (SDN) technology allows for the implementation of very sophisticated MTD techniques. Furthermore, the introduction of such solutions as field-programmable gate array (FPGA) programmable acceleration cards makes it possible to take the MTD concept to the next level. Applying hardware acceleration to existing concepts or developing new, dedicated methods will offer more robust, efficient, and secure solutions. However, to the best of the authors’ knowledge, there are still no major implementations of MTD schemes inside large-scale networks. This survey aims to understand why, by analyzing research made in the field of MTD to show current pitfalls and possible improvements that need to be addressed in future proposals to make MTD a viable solution to address current cybersecurity threats in real-life scenarios.

show abstract

Section: Architectures Utilizing Multiple Mtd Methodsmentioning

confidence: 99%

Section: Testbedsmentioning

confidence: 99%

Section: Threat Modelmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Moving Target Defense for Networks: A Practical View

2022

View full text Add to dashboard Cite

show abstract

“…We decide on the above datasets considering the target scope of our work for the following reasons: 1) we come after the precedent data collection principle to experiment on the text content of academic papers; 2) as it is very unlikely to test on real enterprises' intellectual property digital documents, we choose the medical academic method and results for they are plausible to share similarities with the context of development details and tests results in the medical industry; 3) the context of a patent is a common style of technical writing, which is supposed to mimic engineering design description text. Our datasets 3 are available for future study.…”

Section: Datasets and Parameter Settingmentioning

confidence: 99%

“…Varonis's 2019 Data Breach Statistics have stated that the largest APT has persisted for 30 years in Boeing, while only 3% of a company's folders are protected on average under investigation. Considering the insufficiency of perimeter-based security solutions, researchers design and deploy deceptive entities to actively defend and deter APTs without acquiring prior knowledge on attacks, that is, cyber deception defense [2] [3]. Such defense mechanism not only collect, record, and report on underlying threats through deliberately exposing deceptive information, but also camouflages target assets.…”

Section: Introductionmentioning

confidence: 99%

EDGE: An Enticing Deceptive-content GEnerator as Defensive Deception

2021

KSII TIIS

View full text Add to dashboard Cite

Cyber deception defense mitigates Advanced Persistent Threats (APTs) with deploying deceptive entities, such as the Honeyfile. The Honeyfile distracts attackers from valuable digital documents and attracts unauthorized access by deliberately exposing fake content. The effectiveness of distraction and trap lies in the enticement of fake content. However, existing studies on the Honeyfile focus less on this perspective. In this work, we seek to improve the enticement of fake text content through enhancing its readability, indistinguishability, and believability. Hence, an enticing deceptive-content generator, EDGE, is presented. The EDGE is constructed with three steps: extracting key concepts with a semantics-aware K-means clustering algorithm, searching for candidate deceptive concepts within the Word2Vec model, and generating deceptive text content under the Integrated Readability Index (IR). Furthermore, the readability and believability performance analyses are undertaken. The experimental results show that EDGE generates indistinguishable deceptive text content without decreasing readability. In all, EDGE proves effective to generate enticing deceptive text content as deception defense against APTs.

show abstract