OSINT-Based LPC-MTD and HS-Decoy for Organizational Defensive Deception

Seo, Sang; Kim, Do-Hoon

doi:10.3390/app11083402

Cited by 5 publications

(14 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Deception-based defenses are potent weapons that have been proven to work in various domains. Their efficacy is based on the fact that they are programmed to exploit key biases to appear realistic but misleading substitutes to the hidden reality [ 79 , 80 , 81 , 82 , 83 , 84 , 85 , 86 , 87 , 88 , 89 , 90 , 91 , 92 , 93 , 94 , 95 , 96 , 97 , 98 , 99 , 100 , 101 , 102 , 103 , 104 , 105 , 106 , 107 , 108 ]. As a result, one will require a thorough understanding of both offensive and defensive trickery to implement a perfect Deception strategy.…”

Section: Discussionmentioning

confidence: 99%

Leveraging Computational Intelligence Techniques for Defensive Deception: A Review, Recent Advances, Open Problems and Future Directions

Mohan

Dixit

Gyaneshwar

et al. 2022

Sensors

View full text Add to dashboard Cite

With information systems worldwide being attacked daily, analogies from traditional warfare are apt, and deception tactics have historically proven effective as both a strategy and a technique for Defense. Defensive Deception includes thinking like an attacker and determining the best strategy to counter common attack strategies. Defensive Deception tactics are beneficial at introducing uncertainty for adversaries, increasing their learning costs, and, as a result, lowering the likelihood of successful attacks. In cybersecurity, honeypots and honeytokens and camouflaging and moving target defense commonly employ Defensive Deception tactics. For a variety of purposes, deceptive and anti-deceptive technologies have been created. However, there is a critical need for a broad, comprehensive and quantitative framework that can help us deploy advanced deception technologies. Computational intelligence provides an appropriate set of tools for creating advanced deception frameworks. Computational intelligence comprises two significant families of artificial intelligence technologies: deep learning and machine learning. These strategies can be used in various situations in Defensive Deception technologies. This survey focuses on Defensive Deception tactics deployed using the help of deep learning and machine learning algorithms. Prior work has yielded insights, lessons, and limitations presented in this study. It culminates with a discussion about future directions, which helps address the important gaps in present Defensive Deception research.

show abstract

Section: Discussionmentioning

confidence: 99%

Leveraging Computational Intelligence Techniques for Defensive Deception: A Review, Recent Advances, Open Problems and Future Directions

Mohan

Dixit

Gyaneshwar

et al. 2022

Sensors

View full text Add to dashboard Cite

show abstract

“…As a follow-up study, Li et al [55] proposed a Markov Stackelberg game together with optimization formulas based on the average-cost semi-Markov decision process (SMDP) and the discrete time Markov decision process (DTMDP) to produce the defender's spatiotemporal MTD mutation decision-making process against advanced attackers. Seo et al [56,57] proposed an active cognitive disturbance function not influenced by the existing MTD concept and combined it with a social engineering decoy sandbox layered in the form of organizational open-source intelligence (OSINT) to form defensive deception concepts optimized for actual organizational operational goals. Based on these previous studies, a real-time attack-defense competition in an organizational environment with limited resources could be simulated and multi-staged deceptive decision-making processes could also be modeled depending on the scenario.…”

Section: Game-enabled Defensive Deception Techniques With Mtdmentioning

confidence: 99%

IoDM: A Study on a IoT-Based Organizational Deception Modeling with Adaptive General-Sum Game Competition

Seo

Kim

2022

Electronics

Self Cite

View full text Add to dashboard Cite

Moving target defense (MTD) and decoy strategies, measures of active defense, were introduced to secure both the proactive security and reactive adaptability of internet-of-things (IoT) networks that have been explosively applied to various industries without any strong security measures and to mitigate the side effects of threats. However, the existing MTD and decoy strategies are limited to avoiding the attacker’s reconnaissance and initial intrusion attempts through simple structural mutations or inducing the attackers to a static trap based on the deceptive path and lack approaches to adaptively optimize IoT in consideration of the unique characteristic information by the domain of IoT. Game theory-based and decoy strategies are other options; however, they do not consider the dynamicity and uncertainty of the decision-making stages by the organizational agent related to the IoT domains. Therefore, in this paper, we present a type of organizational deception modeling, namely IoT-based organizational deception modeling (IoDM), which considers both the dynamic topologies and organizational business fingerprints customized in the IoT domain and operational purpose. For this model, we considered the practical scalability of the existing IoT-enabled MTD and decoy concepts and formulated the partially incomplete deceptive decision-making modeling for the cyber-attack and defense competition for IoT in real-time based on the general-sum game. According to our experimental results, the efficiency of the deceptive defense of the IoT defender could be improved by 70% on average while deriving the optimal defense cost compared to the increased defense performance. The findings of this study will improve the deception performances of MTD and decoy strategies by IoT scenarios related to various operational domains such as smart home networks, industrial networks, and medical networks. To the best of our knowledge, this study has employed social-engineering IoT knowledge and general-sum game theory for the first time.

show abstract

“…It is mainly classified as a domain-based category consisting of information flow on the Internet, public datasets maintained by governments, and private open datasets. Organizational OSINT [61] is characterized as the use of an information group consisting of unique OSINTs and rough fingerprints of foreign government military organizations collected and composed based on open sub-party services. It involves performing all necessary stages to proactively establish an OSINT strategy based on security requirements related to an organization's legacy operating environment mainly by identifying information sources, including a stage in which open OSINTs are collected based on identified organizational information sources and strategies, a stage in which acquired data are normalized based on correlation graphs and then supplemented based on parent-child nodes followed by a reinforcing step based on parent-child nodes, and a stage in which the reinforced OSINT information group is refined into social engineering deceptive knowledge and concretized as cyber space intelligence (CYBINT) in sequence.…”

Section: Organizational Deception Knowledge With Osintmentioning

confidence: 99%

“…First, loosely proactive control-based MTD (LPC-MTD) [61] is an organizational MTD concept designed to alleviate both conceptual limitations and social engineering scalability problems of the existing MTD. It artificially adjusts the mutation strength based on the intention of the defender to intentionally expose false information or present disinformation whereby the defender dominantly forces the attacker to make a hasty judgment as if he/she has successfully bypassed the defender's MTD interface.…”

Section: Lpc-mtd and Hs-decoy For Organizational Defensive Deception ...mentioning

confidence: 99%

“…τ i is the temporospatial resource consumed in relation to the intervention of the defender until the completion of the mutation of the mutation time slot length of the surface information related to i, and m i is the surface information sampled and optimized based on i in the deceptive surface set M of the defender, which can be created through mutation. HS-Decoy (hierarchical social engineering decoy) [61] is also an OSINT-based organizational decoy concept that either statically induces attackers to continue to attack a false target that is not a target of protection to further improve the deception efficiency within an organization of the existing decoy or forces successive attack chains of attackers that have been isolated to remain in the sandbox while deceiving the attackers to stop them from attempting to escape. Since it mainly appears similar to normal service or important information while being more enticing based on OSINTs by organization, it looks valuable to attackers.…”

Section: Lpc-mtd and Hs-decoy For Organizational Defensive Deception ...mentioning

confidence: 99%

See 1 more Smart Citation

SOD2G: A Study on a Social-Engineering Organizational Defensive Deception Game Framework through Optimization of Spatiotemporal MTD and Decoy Conflict

Seo

Kim

2021

Electronics

Self Cite

View full text Add to dashboard Cite

Existing moving target defense (MTD) and decoy systems are conceptually limited in avoiding and preventing attackers’ social-engineering real-time attacks by organization through either structural mutations or induction and isolation only using static traps. To overcome the practical limitations of existing MTD and decoy and to conduct a multi-stage deception decision-making in a real-time attack-defense competition, the current work presents a social-engineering organizational defensive deception game (SOD2G) as a framework, consi dering hierarchical topologies and fingerprint characteristics by organization. The present work proposed and applied deception concepts and zero-sum-based two-player game models as well as attacker and defender decision-making process based on deceivable organizational environments and vulnerability information. They were designed in consideration of limited organizational resources so that they could converge in the positive direction to secure organizational defender dominant share and optimal values of the defender deception formulated by both scenario and attribute. This framework could handle incomplete private information better than existing models and non-sequentially stratified, and also contributed to the configuration of the optimal defender deception strategy. As the experimental results, they could increase the deception efficiency within an organization by about 40% compared to existing models. Also, in the sensitivity analysis, the proposed MTD and decoy yielded improvements of at least 60% and 30% in deception efficiency, respectively, compared to the existing works.

show abstract

OSINT-Based LPC-MTD and HS-Decoy for Organizational Defensive Deception

Cited by 5 publications

References 51 publications

Leveraging Computational Intelligence Techniques for Defensive Deception: A Review, Recent Advances, Open Problems and Future Directions

Leveraging Computational Intelligence Techniques for Defensive Deception: A Review, Recent Advances, Open Problems and Future Directions

IoDM: A Study on a IoT-Based Organizational Deception Modeling with Adaptive General-Sum Game Competition

SOD2G: A Study on a Social-Engineering Organizational Defensive Deception Game Framework through Optimization of Spatiotemporal MTD and Decoy Conflict

Contact Info

Product

Resources

About