Software Diversity for Cyber Deception

Sarr, Aliou Badra; Anwar, Ahmed H.; Kamhoua, Charles A.; Leslie, Nandi; Acosta, Jaime C.

doi:10.1109/globecom42002.2020.9348122

Cited by 5 publications

(2 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…prediction error probability at databases download cost The concept of deception has been studied as a tool for cyber defense [18][19][20][21][22], where the servers deceive attackers, adversaries, and eavesdroppers to eliminate any harmful activities. In all such cases, the deceiver (servers in this case) gains nothing from the deceived, i.e., attackers, adversaries, and eavesdroppers.…”

Section: Introductionmentioning

confidence: 99%

Deceptive Information Retrieval

Vithana,

Ulukus

2024

Entropy

View full text Add to dashboard Cite

We introduce the problem of deceptive information retrieval (DIR), in which a user wishes to download a required file out of multiple independent files stored in a system of databases while deceiving the databases by making the databases’ predictions on the user-required file index incorrect with high probability. Conceptually, DIR is an extension of private information retrieval (PIR). In PIR, a user downloads a required file without revealing its index to any of the databases. The metric of deception is defined as the probability of error of databases’ prediction on the user-required file, minus the corresponding probability of error in PIR. The problem is defined on time-sensitive data that keep updating from time to time. In the proposed scheme, the user deceives the databases by sending real queries to download the required file at the time of the requirement and dummy queries at multiple distinct future time instances to manipulate the probabilities of sending each query for each file requirement, using which the databases’ make the predictions on the user-required file index. The proposed DIR scheme is based on a capacity achieving probabilistic PIR scheme, and achieves rates lower than the PIR capacity due to the additional downloads made to deceive the databases. When the required level of deception is zero, the proposed scheme achieves the PIR capacity.

show abstract

Section: Introductionmentioning

confidence: 99%

Deceptive Information Retrieval

Vithana,

Ulukus

2024

Entropy

View full text Add to dashboard Cite

show abstract

“…e traditional honeypot systems are mainly based on physical devices or virtual machines, and the deployment and configuration processes are very complicated. erefore, it is more inclined to adopt the static deployment strategies, which are usually combined with game theory [2] or graph theory [3]. Such a deployment strategy is inflexible and does not scale well, which is difficult to accurately reflect the defender's dynamic cognitive process of the attackers.…”

Section: Introductionmentioning

confidence: 99%

A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction

Gao

Zhang

Xing

2021

Security and Communication Networks

View full text Add to dashboard Cite

As an important deception defense method, a honeypot can be used to enhance the network’s active defense capability effectively. However, the existing rigid deployment method makes it difficult to deal with the uncertain strategic attack behaviors of the attackers. To solve such a problem, we propose a multiphase dynamic deployment mechanism of virtualized honeypots (MD2VH) based on the intelligent attack path prediction method. MD2VH depicts the attack and defense characteristics of both attackers and defenders through the Bayesian state attack graph, establishes a multiphase dynamic deployment optimization model of the virtualized honeypots based on the extended Markov’s decision-making process, and generates the deployment strategies dynamically by combining the online and offline reinforcement learning methods. Besides, we also implement a prototype system based on software-defined network and virtualization container, so as to evaluate the effectiveness of MD2VH. Experiments results show that the capture rate of MD2VH is maintained at about 90% in the case of both simple topology and complex topology. Compared with the simple intelligent deployment strategy, such a metric is increased by 20% to 60%, and the result is more stable under different types of the attacker’s strategy.

show abstract