A deception based approach for defeating OS and service fingerprinting

Albanese, Massimiliano; Battista, Ermanno; Jajodia, Sushil

doi:10.1109/cns.2015.7346842

Cited by 28 publications

(10 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, the two works that are closer in spirit to the framework proposed in this paper are [45], [46]; both use a deceptive approach in order to confuse the attacker. In contrast to these, our framework aims at finding the best way to answer the attacker's scan queries.…”

Section: Defending Enterprise Networkmentioning

confidence: 99%

A Probabilistic Logic of Cyber Deception

Jajodia

Park

Pierazzi

et al. 2017

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

Malicious attackers often scan nodes in a network in order to identify vulnerabilities that they may exploit as they traverse the network. In this paper, we propose that the system generates a mix of true and false answers in response to scan requests. If the attacker believes that all scan results are true, then he will be on a wrong path. If he believes some scan results are faked, he would have to expend time and effort in order to separate fact from fiction. We propose a probabilistic logic of deception and show that various computations are NP-hard. We model the attacker’s state and show the effects of faked scan results. We then show how the defender can generate fake scan results in different states that minimize the damage the attacker can produce. We develop a Naive-PLD algorithm and a Fast-PLD heuristic algorithm for the defender to use and show experimentally that the latter performs well in a fraction of the run time of the former. We ran detailed experiments to assess the performance of these algorithms and further show that by running Fast-PLD off-line and storing the results, we can very efficiently answer run-time scan requests

show abstract

Section: Defending Enterprise Networkmentioning

confidence: 99%

A Probabilistic Logic of Cyber Deception

Jajodia

Park

Pierazzi

et al. 2017

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

show abstract

“…The honeypots are often emulated, and there is a need to make them look like they run a particular OS or application. Albanese et al [14] in 2015 used six OS and application fingerprinting tools (Nmap, SinFP, XProbe, p0f, amap, and Nessus) to fingerprint a masquerading device. The authors illustrated how to deceive the fingerprinting tools with minimal overhead by modifying the fingerprinted hosts' outgoing traffic.…”

Section: Related Workmentioning

confidence: 99%

Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges

et al. 2022

View full text Add to dashboard Cite

“…• Network traffic information. The work in [31] proposed an adaptive approach to deceive an attacker that actively collects traffic data in an attempt to obtain system fingerprints and to find a potential target. The proposed deceptive defense approach manipulates outgoing traffic so that it resembles traffic generated by a host with different system profiles (e.g., operating system and service).…”

Section: Topology Info Host Info Traffic Infomentioning

confidence: 99%

Cyber Deception for Computer and Network Security: Survey and Challenges

Lu¹,

Wang²,

Zhao³

2020

Preprint

View full text Add to dashboard Cite

Cyber deception has recently received increasing attentions as a promising mechanism for proactive cyber defense. Cyber deception strategies aim at injecting intentionally falsified information to sabotage the early stage of attack reconnaissance and planning in order to render the final attack action harmless or ineffective.Motivated by recent advances in cyber deception research, we in this paper provide a formal view of cyber deception, and review high-level deception schemes and actions. We also summarize and classify recent research results of cyber defense techniques built upon the concept of cyber deception, including gametheoretic modeling at the strategic level, network-level deception, in-host-system deception and cryptography based deception. Finally, we lay out and discuss in detail the research challenges towards developing full-fledged cyber deception frameworks and mechanisms.

show abstract

A deception based approach for defeating OS and service fingerprinting

Cited by 28 publications

References 5 publications

A Probabilistic Logic of Cyber Deception

A Probabilistic Logic of Cyber Deception

Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges

Cyber Deception for Computer and Network Security: Survey and Challenges

Contact Info

Product

Resources

About