
Deception-Enhanced Threat Sensing for Resilient Intrusion Detection

Chapter in: Autonomous Cyber Deception

Abstract

Enhancing standard web services with deceptive responses to cyberattacks can be a powerful and practical strategy for improved intrusion detection. Such deceptions are particularly helpful for addressing and overcoming barriers to effective machine learning-based intrusion detection encountered in many practical deployments. For example, they can provide a rich source of training data when training data is scarce, they avoid imposing a labeling burden on operators in the context of (semi-)supervised learning, they can be deployed post-decryption on encrypted data streams, and they learn concept differences between honeypot attacks and attacks against genuine assets.

The approach presented in this chapter examines how deceptive web service responses can be realized as software security patches that double as feature extraction engines for a network-level intrusion detection system. The resulting system coordinates multiple levels of the software stack to achieve fast, automatic, and accurate labeling of live web data streams, and thereby detects attacks with higher accuracy and adaptability than comparable non-deceptive defenses.
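A toy illustration of the labeling pipeline the abstract describes, added here as an example rather than the chapter's own code: a patched input check that also acts as a honey-patch flags the offending session, a network-level extractor collects per-session features, and the flags become training labels without any operator involvement. The patch condition, the feature set, the threshold learner and the request stream are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Request:
    session: str   # client session id (constructed)
    path: str      # requested URL path
    size: int      # request bytes as seen on the wire by the IDS

@dataclass
class SessionFeatures:
    n_requests: int = 0
    total_bytes: int = 0
    max_size: int = 0
    label: int = 0   # set to 1 once the honey-patch flags the session

def honey_patch(req: Request, flagged: set) -> str:
    """Patched input check: a plain patch only rejects the bad input; the
    honey-patch also records the session and answers from a decoy."""
    if len(req.path) > 64:          # constructed patch condition
        flagged.add(req.session)
        return "decoy"
    return "genuine"

def extract(stream) -> dict:
    """Per-session network features, joined with the honey-patch labels."""
    flagged, feats = set(), defaultdict(SessionFeatures)
    for req in stream:
        honey_patch(req, flagged)
        f = feats[req.session]
        f.n_requests += 1
        f.total_bytes += req.size
        f.max_size = max(f.max_size, req.size)
    for s in flagged:
        feats[s].label = 1          # label comes from the patch, not an operator
    return dict(feats)

def fit_threshold(feats: dict) -> float:
    """Toy learner: midpoint of mean max_size for benign vs attack sessions."""
    sizes = {0: [], 1: []}
    for f in feats.values():
        sizes[f.label].append(f.max_size)
    def mean(v): return sum(v) / len(v)  # assumes both classes are present
    return (mean(sizes[0]) + mean(sizes[1])) / 2

# Constructed sample stream: two benign sessions, one probing session
SAMPLE = [
    Request("s1", "/index.html", 310), Request("s1", "/about", 290),
    Request("s2", "/login", 420),
    Request("s3", "/index.html", 300), Request("s3", "/" + "A" * 200, 820),
]
```

Running `extract(SAMPLE)` labels only session s3, and `fit_threshold` then separates the classes on the feature the IDS can observe without decrypting or inspecting the payload.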



Change history

  • 01 February 2020

    This book was inadvertently published as an authored work with the chapter authors mentioned in the footnotes of the chapter opening pages. This has now been updated and the chapter authors have been mentioned in the respective chapter opening pages as mentioned below:

Notes

  1. https://sysdig.com/opensource/sysdig/install.


Author information


Correspondence to Kevin W. Hamlen.


Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Araujo, F., Ayoade, G., Hamlen, K.W., Khan, L. (2019). Deception-Enhanced Threat Sensing for Resilient Intrusion Detection. In: Al-Shaer, E., Wei, J., Hamlen, K., Wang, C. (eds) Autonomous Cyber Deception. Springer, Cham. https://doi.org/10.1007/978-3-030-02110-8_8


  • DOI: https://doi.org/10.1007/978-3-030-02110-8_8


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02109-2

  • Online ISBN: 978-3-030-02110-8

  • eBook Packages: Computer Science (R0)
