Proactive Defense for Internet-of-Things: Integrating Moving Target Defense with Cyberdeception

Ge, Mengmeng; Cho, Jin-Hee; Kim, Dong Seong; Dixit, Gaurav; Chen, Ing-Ray

doi:10.48550/arxiv.2005.04220

Cited by 3 publications

(4 citation statements)

References 35 publications

(60 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An adaptive honeynets based on Partially Observable MDP (POMDP) was discussed in [17]. An integrated defense technique for Internet-of-Things (IOT) to achieve intrusion prevention using decoy system with moving target defense was presented in [18]. An adaptive deception technology for APT29 and APT3 scenario descriptions in the MITRE ATT&CK was proposed in [19].…”

Section: Defensive Deception Technologymentioning

confidence: 99%

Deception Technology Based Intrusion Protection and Detection Mechanism for Digital Substations: A Game Theoretical Approach

Jay¹

2023

IEEE Access

View full text Add to dashboard Cite

Securing substations from cyber attacks is essential to safeguard critical power infrastructure. However, digital substations that are based on the IEC-61850 standard have Generic Object Oriented Substation Events (GOOSE) messages and Sampled Value (SV) messages that are time-critical and thus cannot be protected using encryption techniques. This work presents a study on deception technology (decoys) for mitigating cyber attacks on GOOSE message virtual LAN (VLAN) which is a non-observable strongly connected biography. In this paper, the deployment of defender decoys is proposed by defining observable subgraphs in the VLAN. The defender-attacker interaction is modeled as a single-leader singlefollower game with the defender as the leader. The optimal allocation of decoys for asset protection and attack detection is then formulated as a bi-level optimisation problem. Simultaneous allocation and sequential allocation of protection and detection decoys are considered for defender resource allocation. The existence of equilibrium of the defender-attacker game is proven. The model is illustrated in a 3-IED VLAN and performance is evaluated in a 12-IED VLAN system in the PSRC-I5 protection relay report. The results are compared with the zero-sum game model and it is found that the proposed model is capable of mitigating attacks in the GOOSE VLAN INDEX TERMS Deception technology, IEC-61850 standard, intrusion protection mechanism, intrusion detection mechanism, single-leader single-follower game. NOMENCLATURE VARIABLESDEVIKA JAY (Member, IEEE) received the B.Tech. degree in electrical and electronics engineering from the TKM College of Engineering, Kerala, India, in 2009, and the M.S. degree in power systems and the Ph.D. degree from the Indian Institute of Technology Madras, in 2013 and 2021, respectively. She was the Deputy Manager with Power Grid Corporation of India Ltd. She is currently the Founder and the CTO with Gridsentry Private Ltd. Her research interests include powergrid cybersecurity, power system economics, electricity markets, the application of game theory, and artificial intelligence in power system operation.

show abstract

Section: Defensive Deception Technologymentioning

confidence: 99%

Deception Technology Based Intrusion Protection and Detection Mechanism for Digital Substations: A Game Theoretical Approach

Jay¹

2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Many research efforts have been devoted to developing efficient MTD mechanisms, architectures, and strategies. Existing efforts target specific technologies such as Cloud [43], Software Defined Networks (SDN) [42,[44][45][46], SCADA systems, and IoT [47]. Despite this diversity, most developed technologies share common procedural guidelines and stages.…”

Section: Motivationmentioning

confidence: 99%

“…In proactive defense, the move is carried out based on periodic time intervals or random selection of the time interval that might be done using either periodic or random time series [45], this method depends on the time interval and might degrade the performance if the time interval is short [46]. In the hybrid approach, both reactive and proactive approaches might be used together, this will allow the change upon some time interval and will also carry out the change based on an alert from the IDS or firewall that might enhance the security [51].…”

Section: Moving Adaptationsmentioning

confidence: 99%

A Comprehensive Architectural Framework of Moving Target Defenses Against DDoS Attacks

Amro

Salah

Moreb³

2023

JCSANDM

View full text Add to dashboard Cite

Distributed Denial-of-Service (DDoS) attacks are among the top toughest security threats in today’s cyberspace. The multitude, diversity, and variety of both the attacks and their countermeasures have the consequence that no optimal solutions exist. However, many mitigation techniques and strategies have been proposed among which is Moving Target Defense (MTD). MTD strategy keeps changing the system states and attack surface dynamically by continually applying various systems reconfigurations aiming at increasing the uncertainty and complexity for attackers. Current proposals of MTD fall into one of three strategies: shuffling, diversity, and redundancy, based on what to move? how to move? and when to move? Despite the existence of such strategies, a comprehensive Framework for MTD techniques against DDoS attacks that can be used for all types of DDoS attacks has not been proposed yet. In this paper, we propose a novel and comprehensive Framework of MTD techniques considering all stages, mechanisms, data sources, and criteria adopted by the research community, the Framework will apply to all DDoS attacks on different systems. To efficiently use our proposed model, a comprehensive taxonomy of MTD mitigation techniques and strategies is also provided and can be used as a reference guide for the best selection of the model’s parameters.

show abstract

“…Existing MTD and N-MTD have been studied to avoid invasion attempts proactively or to improve metrics and variables with a focus on the attenuation of the defender's diversified attack and exploration surface, and then apply it in applied domains, such as IoT [44], cloud [45], and cyber physical systems [46]. Our reason for selecting an MTD mutation cycle using LPC-MTD was to ease the operational deceptive limitations of existing MTD, and to enhance the lack of reactive responses.…”

Section: Lpc-mtdmentioning

confidence: 99%

OSINT-Based LPC-MTD and HS-Decoy for Organizational Defensive Deception

Seo

Kim

2021

Applied Sciences

View full text Add to dashboard Cite

This study aimed to alleviate the theoretical limitations of existing moving target defense (MTD) and decoy concepts and improve the efficiency of defensive deception technology within an organization. We present the concept of an open-source intelligence (OSINT)-based hierarchical social engineering decoy (HS-Decoy) strategy while considering the actual fingerprint of each organization. In addition, we propose a loosely proactive control-based MTD strategy that is based on the intended competitive exposure of OSINT between defenders and attackers. Existing MTDs and decoys are biased toward proactive prevention, in that they only perform structural mutation-based attack avoidance or induce static traps. They also have practical limitations, e.g., they do not consider security characterization of each organizational social engineering attack and related utilization plans, no quantitative deception modeling is performed for the attenuation of the attack surface through exposure to OSINT, and there is no operational plan for optimal MTD and decoy application within the organization. Through the applied deception concepts proposed here, the total attack efficiency was reduced by 287% compared to the existing MTD and decoys, while the artificial deception efficiency dominated by defenders was improved by 382%. In addition, the increase rate of deception overhead was also reduced by 174%, and an optimized deceptive trade-off was also presented. In order to enable an organization to utilize the OSINT concept, statistical error reduction, and MTD mutation cycle-based deceptive selectivity, it was introduced as a loose adaptive mutation rather than a preferential avoidance strategy, and an organization-specific optimization direction was introduced through a combination of HS-Decoy and LPC-MTD. In the future, in order to improve the operational reliability of the HS-Decoy and LPC-MTD-based combined model and standardize threat information for each organization, we intend to advance it into an international standard-based complex architecture and characterize it as game theory.

show abstract

Proactive Defense for Internet-of-Things: Integrating Moving Target Defense with Cyberdeception

Cited by 3 publications

References 35 publications

Deception Technology Based Intrusion Protection and Detection Mechanism for Digital Substations: A Game Theoretical Approach

Deception Technology Based Intrusion Protection and Detection Mechanism for Digital Substations: A Game Theoretical Approach

A Comprehensive Architectural Framework of Moving Target Defenses Against DDoS Attacks

OSINT-Based LPC-MTD and HS-Decoy for Organizational Defensive Deception

Contact Info

Product

Resources

About