Detecting Targeted Attacks By Multilayer Deception

Wang, Wei; Bickford, Jeffrey; Murynets, Ilona; Subbaraman, Ramesh; Forte, Andrea; Singaraju, Gokul

doi:10.13052/jcsm2245-1439.224

Cited by 12 publications

(10 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Wang et al [153] propose a multi-layer deception system (see Figure 8), which is composed of honeypot servers and various honeytokens such as honey people, honey files, honey database, and honey activities. The honey people is fake personas created on social network platforms.…”

Section: A Deception In Depthmentioning

confidence: 99%

“…The authentication server is responsible for verifying the client's credential, providing Fig. 8: The multi-layer deception system in [153] requested server's current IP address upon successful authentication, and updating the IP addresses of servers in the server pool. The randomization controller coordinates the mutation of the network.…”

Section: A Deception In Depthmentioning

confidence: 99%

See 1 more Smart Citation

Three Decades of Deception Techniques in Active Cyber Defense -- Retrospect and Outlook

Zhang¹,

Thing²

2021

Preprint

View full text Add to dashboard Cite

Deception techniques have been widely seen as a game changer in cyber defense. In this paper, we review representative techniques in honeypots, honeytokens, and moving target defense, spanning from the late 1980s to the year 2021. Techniques from these three domains complement with each other and may be leveraged to build a holistic deception based defense. However, to the best of our knowledge, there has not been a work that provides a systematic retrospect of these three domains all together and investigates their integrated usage for orchestrated deceptions. Our paper aims to fill this gap. By utilizing a tailored cyber kill chain model which can reflect the current threat landscape and a four-layer deception stack, a twodimensional taxonomy is developed, based on which the deception techniques are classified. The taxonomy literally answers which phases of a cyber attack campaign the techniques can disrupt and which layers of the deception stack they belong to. Cyber defenders may use the taxonomy as a reference to design an organized and comprehensive deception plan, or to prioritize deception efforts for a budget conscious solution. We also discuss two important points for achieving active and resilient cyber defense, namely deception in depth and deception lifecycle, where several notable proposals are illustrated. Finally, some outlooks on future research directions are presented, including dynamic integration of different deception techniques, quantified deception effects and deception operation cost, hardware-supported deception techniques, as well as techniques developed based on better understanding of the human element.

show abstract

Section: A Deception In Depthmentioning

confidence: 99%

Section: A Deception In Depthmentioning

confidence: 99%

Three Decades of Deception Techniques in Active Cyber Defense -- Retrospect and Outlook

Zhang¹,

Thing²

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…other network tracing tools [51]. The collected information is useful in the later stages to deliver payload (the actual intended message that performs malicious action) to the target system.…”

Section: External Cyber Kill Chain Modelmentioning

confidence: 99%

Railway Defender Kill Chain to Predict and Detect Cyber-Attacks

Kour

Thaduri

Karim

2020

JCSANDM

View full text Add to dashboard Cite

Most organizations focus on intrusion prevention technologies, with less emphasis on prediction and detection. This research looks at prediction and detection in the railway industry. It uses an extended cyber kill chain (CKC) model and an industrial control system (ICS) cyber kill chain for detection and proposes predictive technologies that will help railway organizations predict and recover from cyber-attacks. The extended CKC model consists of both internal and external cyber kill chain; breaking the chain at an early stage will help the defender stop the adversary’s malicious actions. This research incorporates an OSA (open system architecture) for railways with the railway cybersecurity OSA-CBM (open system architecture for condition-based maintenance) architecture. The railway cybersecurity OSACBM architecture consists of eight layers; cybersecurity information moves from the initial level of data acquisition to data processing, data analysis, incident detection, incident assessment, incident prognostics, decision support, and visualization. The main objective of the research is to predict, prevent, detect, and respond to cyber-attacks early in the CKC by using defensive controls called the Railway Defender Kill Chain (RDKC). The contributions of the research are as follows. First, it adapts and modifies the railway cybersecurity OSA-CBM architecture for railways. Second, it adapts the cyber kill chain model for the railway. Third, it introduces the Railway Defender Kill Chain. Fourth, it presents examples of cyber-attack scenarios in the railway system.

show abstract

“…Deceit can also be injected into the public data about our systems. Wang et al made the case of disseminating public data about some "fake" personnel for the purpose of catching attacks such as spear phishing [48]. In addition, we note that this category also includes offline stored data such as backups that can be used as a focus of deception.…”

Section: System's Internal and Public Datamentioning

confidence: 99%

Planning and Integrating Deception into Computer Security Defenses

Almeshekah

Spafford

2014

Proceedings of the 2014 New Security Paradigms Workshop

View full text Add to dashboard Cite

Deceptive techniques played a prominent role in many human conflicts throughout history. Digital conflicts are no different as the use of deception has found its way to computing since at least the 1980s. However, many computer defenses that use deception were ad-hoc attempts to incorporate deceptive elements. In this paper, we present a model that can be used to plan and integrate deception in computer security defenses. We present an overview of fundamental reasons why deception works and the essential principles involved in using such techniques. We investigate the unique advantages deception-based mechanisms bring to traditional computer security defenses. Furthermore, we show how our model can be used to incorporate deception in many part of computer systems and discuss how we can use such techniques effectively. A successful deception should present plausible alternative(s) to the truth and these should be designed to exploit specific adversaries' biases. We investigate these biases and discuss how can they be used by presenting a number of examples.

show abstract

Detecting Targeted Attacks By Multilayer Deception

Cited by 12 publications

References 11 publications

Three Decades of Deception Techniques in Active Cyber Defense -- Retrospect and Outlook

Three Decades of Deception Techniques in Active Cyber Defense -- Retrospect and Outlook

Railway Defender Kill Chain to Predict and Detect Cyber-Attacks

Planning and Integrating Deception into Computer Security Defenses

Contact Info

Product

Resources

About