Towards Intelligent Cyber Deception Systems
The increasingly sophisticated nature of cyberattacks reduces the effectiveness of expert human intervention due to their slow response times. Consequently, interest in automated agents that can make intelligent decisions and plan countermeasures is rapidly growing. In this chapter, we discuss intelligent cyber deception systems. Such systems can dynamically plan the deception strategy and use several actuators to effectively implement the cyber deception measures. We also present a prototype of a framework designed to simplify the development of cyber deception tools to be integrated with such intelligent agents.
This work was partially funded by the Army Research Office under the grants W911NF-13-1-0421 and W911NF-15-1-0576, and by the Office of Naval Research under the grant N00014-15-1-2007.
- 1.Artillery. https://github.com/shoreditch-ops/artillery.
- 2.Docker platform. https://www.docker.com/.
- 3.Python Global Interpreter Lock. https://wiki.python.org/moin/GlobalInterpreterLock.
- 4.E. Al-Shaer. Toward Network Configuration Randomization for Moving Target Defense, pages 153–159. 2011.Google Scholar
- 5.K. G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos, and A. D. Keromytis. Detecting targeted attacks using shadow honeypots. In Proceedings of the 14th Conference on USENIX Security Symposium - Volume 14, SSYM’05, pages 9–9, 2005.Google Scholar
- 6.F. Araujo, K. W. Hamlen, S. Biedermann, and S. Katzenbeisser. From patches to honey-patches: Lightweight attacker misdirection, deception, and disinformation. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS ’14, pages 942–953, 2014.Google Scholar
- 7.B. M. Bowen, S. Hershkop, A. D. Keromytis, and S. J. Stolfo. Baiting inside attackers using decoy documents. In Security and Privacy in Communication Networks, pages 51–70.Google Scholar
- 8.M. L. Bringer, C. A. Chelmecki, and H. Fujinoki. A survey: Recent advances and future trends in honeypot research. In International Journal of Computer Network and Information Security, IJCNIS, 2012.Google Scholar
- 9.F. De Gaspari, S. Jajodia, L. V. Mancini, and A. Panico. Ahead: A new architecture for active defense. In Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense, SafeConfig ’16, 2016.Google Scholar
- 10.J. C. Giarratano and G. Riley. Expert Systems: Principles and Programming. Brooks/Cole Publishing Co., Pacific Grove, CA, USA, 1989.Google Scholar
- 11.I. J. Goodfellow, J. Shlens, and C. Szegedy. Explaining and Harnessing Adversarial Examples. ArXiv e-prints, 2014.Google Scholar
- 13.B. Hitaj, P. Gasti, G. Ateniese, and F. Perez-Cruz. PassGAN: A Deep Learning Approach for Password Guessing. ArXiv, 2017.Google Scholar
- 14.R. Hund, C. Willems, and T. Holz. Practical timing side channel attacks against kernel space ASLR. In 2013 IEEE Symposium on Security and Privacy, 2013.Google Scholar
- 15.S. Jajodia, K. A. Ghosh, V. Subrahmanian, V. Swarup, C. Wang, and S. X. Wang, editors. Moving Target Defense II: Application of Game Theory and Adversarial Modeling. Springer, 2013.Google Scholar
- 16.S. Jajodia, K. A. Ghosh, V. Swarup, C. Wang, and S. X. Wang, editors. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats. Springer, 2011.Google Scholar
- 17.A. Kott, L. V. Mancini, P. Théron, M. Drašar, E. Dushku, H. Günther, M. Kont, B. LeBlanc, A. Panico, M. Pihelgas, and K. Rzadca. Initial Reference Architecture of an Intelligent Autonomous Agent for Cyber Defense. ArXiv e-prints, 2018.Google Scholar
- 19.N. Papernot, P. McDaniel, S. Jha, M. Fredrikson, Z. B. Celik, and A. Swami. The limitations of deep learning in adversarial settings. In 2016 IEEE European Symposium on Security and Privacy (EuroS P), 2016.Google Scholar
- 20.N. Provos. A virtual honeypot framework. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13, SSYM’04, 2004.Google Scholar
- 21.N. Provos and T. Holz. Detecting Honeypots, chapter in book: Virtual Honeypots: From Botnet Tracking to Intrusion Detection. Addison-Wesley Professional, 2007.Google Scholar
- 22.J. Saxe and K. Berlin. Deep neural network based malware detection using two dimensional binary program features. In 2015 10th International Conference on Malicious and Unwanted Software (MALWARE), 2015.Google Scholar
- 23.S. Seufert and D. O’Brien. Machine learning for automatic defence against distributed denial of service attacks. In 2007 IEEE International Conference on Communications, 2007.Google Scholar
- 24.D. Silver, A. Huang, C. J. Maddison, A. Guez, L. Sifre, G. van den Driessche, J. Schrittwieser, I. Antonoglou, V. Panneershelvam, M. Lanctot, S. Dieleman, D. Grewe, J. Nham, N. Kalchbrenner, I. Sutskever, T. Lillicrap, K. Leach, Madeleineand Kavukcuoglu, T. Graepel, and D. Hassabis. Mastering the game of Go with deep neural networks and tree search. Nature, 529:484 EP –, Jan 2016. Article.CrossRefGoogle Scholar
- 25.J. Yuill, M. Zappe, D. Denning, and F. Feer. Honeyfiles: deceptive files for intrusion detection. In Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004., pages 116–122.Google Scholar
- 26.L. Zhao and M. Mannan. Explicit authentication response considered harmful. In Proceedings of the 2013 New Security Paradigms Workshop, NSPW ’13, 2013.Google Scholar