Denial and Deception in Cyber Defense

Heckman, Kristin E.; Stech, Frank J.; Schmoker, Ben; Thomas, Roshan K.

doi:10.1109/mc.2015.104

Cited by 40 publications

(18 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…To overcome these two shortcomings, many proactive defense mechanisms have been widely adopted as alternative measures to disrupt and resist PSFA. Recent research on mainstream proactive defense mechanisms can be divided into two major categories: (i) moving target defense (MTD) [5][6][7] which aims at adding uncertainty and randomness in system configuration to ensure the information gathered by the attacker invalid; (ii) deception-based cyber defense (DCD) [8][9][10] which focuses on providing false information to confuse and deceive the attacker. For example, to enhance the network's resilience, Borbor et al [11] developed an automated approach to diversifying network services under various cost constraints based on the extended resource graph model.…”

Section: Related Workmentioning

confidence: 99%

A Hybrid Cyber Defense Mechanism to Mitigate the Persistent Scan and Foothold Attack

Wang

Pei

Zhang

et al. 2020

Security and Communication Networks

View full text Add to dashboard Cite

As the prerequisite for the attacker to invade the target network, Persistent Scan and Foothold Attack (PSFA) is becoming progressively more subtle and complex. Even worse, the static and predictable characteristics of traditional systems provide an asymmetric advantage for attackers in launching the PSFA. To reverse this asymmetric advantage and resist the PSFA, two new defense ideas, called moving target defense (MTD) and deception-based cyber defense (DCD), have been suggested to provide the proactive selectable measures to complement traditional defense. However, MTD is unable to defeat the sophisticated attacker with fingerprint tracking ability. Meanwhile, DCD is easy to be marked by the attacker, which will result in a great waste of defense resources and poor defense effectiveness. To address this shortcoming, we propose the hybrid cyber defense mechanism that combines the address mutation (belonging to MTD) and fingerprint camouflage (belonging to DCD) strategies. More specifically, we first introduce and formalize the attacker model of PSFA based on the cyber kill chain. Afterwards, the traffic direction technology is designed to realize the coordination between the strategy of address mutation and the strategy of fingerprint camouflage. Furthermore, we construct the fine-grained quantitative modeling of the attacker’s behaviors through an in-depth observation of actual network confrontation. Based on this, a dynamic defense strategy generation algorithm is presented to maximize the effectiveness of our hybrid mechanism. Finally, the experimental results show that our hybrid mechanism can greatly improve the time required for a successful attack and achieve a better defense effect than the single strategy.

show abstract

Section: Related Workmentioning

confidence: 99%

A Hybrid Cyber Defense Mechanism to Mitigate the Persistent Scan and Foothold Attack

Wang

Pei

Zhang

et al. 2020

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…The game is focused on the integration of cyber attack and defense capabilities into warfare. Cyber capabilities follow a simplified version of the cyber kill chain first proposed by Lockheed Martin [32] including reconnaissance, gaining access, and exploitation. Three examples of cyber capabilities are included in Figure 1.…”

Section: Multi-domain Command and Control Trading Card Gamementioning

confidence: 99%

Battlespace Next(TM)

Flack¹,

Lin²,

Peterson³

et al. 2020

IJSG

View full text Add to dashboard Cite

Changes in the geopolitical landscape and increasing technological complexity have prompted the U.S. Military to coin the terms Multi-Domain Operations (MDO) and Joint All-Domain Command and Control (JADC2) as over-arching strategy to frame the complexity of warfare across both traditional and emerging warfighting domains. Teaching new concepts associated with these terms requires both innovation as well as distinct education and training tools in order to realize the cultural change advocated by senior military leaders. Battlespace NextTM (BSN) is a serious game designed to teach concepts integral to MDO and initiate discussion on military strategy while conserving time, money, and manpower. BSN, a Collectable Card Game (CCG), is engineered to provide an engaging learning tool that educates on capabilities in a multi-domain conflict. This paper proposes an extensible game framework for modeling and reasoning about MDO concepts and presents our empirical feedback from over 120 military play testers evaluating a moderate to difficult version of the game. Results reveal the game teaches MDO concepts and delivers an engaging, hands-on learning experience. Specifically, we provide evidence it improved military readiness in seven areas of MDO in at least 62% of participants and 76% of respondents reported they enjoyed playing the game.

show abstract

“…Deception-based strategies have been applied as countermeasures to delay, detect and confuse an adversary attempting to steal data on a network [46]. In 2015, Kaghazgaran and Takabi [47] proposed honey permission, a deception model integrated into a role-based access control model to address insider threat using access control.…”

Section: B Deception-based Approachesmentioning

confidence: 99%

A Deception Model Robust to Eavesdropping Over Communication for Social Network Systems

et al. 2019

View full text Add to dashboard Cite

Communication security deals with attributes such as confidentiality, integrity, and availability. The current strategies used to achieve covertness of communication employs encryption. Encryption techniques minimize eavesdropping on the conversation between the conversing parties by transforming the message into an unreadable form. However, it does not prevent or discourage eavesdroppers from stealing and attempting to decrypt the encrypted messages using a brute-force attack or by randomly guessing the key. The probability of the eavesdropper acquiring the key and recovering the message is high as he/she can distinguish a correct key from incorrect keys based on the output of the decryption. This is because a message has some structure-texts, pictures, and videos. Thus, an attempt at decrypting with a wrong key yields random gibberish that does not comply with the expected structure. Furthermore, the consistent increase in computational power implies that stolen encrypted data may gradually debilitate to a brute-force attack. Thus, causing the eavesdropper to learn the content of the message. To this end, the objective of this research is to reinforce the current encryption measures with a decoy-based deception model where the eavesdropper is discouraged from stealing encrypted message by confounding his resources and time. Our proposed model leverages its foundation from decoys, deception, and artificial intelligence. An instant messaging application was developed and integrated with the proposed model as a proof of concept. Further details regarding the design, analysis, and implementation of the proposed model are substantiated. The result shows that the proposed model reinforces state-of-the-art encryption schemes and will serve as an effective component for discouraging eavesdropping and curtailing brute-force attack on encrypted messages.

show abstract

Denial and Deception in Cyber Defense

Cited by 40 publications

References 1 publication

A Hybrid Cyber Defense Mechanism to Mitigate the Persistent Scan and Foothold Attack

A Hybrid Cyber Defense Mechanism to Mitigate the Persistent Scan and Foothold Attack

Battlespace Next(TM)

A Deception Model Robust to Eavesdropping Over Communication for Social Network Systems

Contact Info

Product

Resources

About