Planning and Integrating Deception into Computer Security Defenses

Almeshekah, Mohammed H.; Spafford, Eugene H.

doi:10.1145/2683467.2683482

Cited by 87 publications

(55 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A closely related topic to deceptive path-planning is the deceptive or adversarial task planning. Braynov [ 39 ] presents a conceptual framework of planning and plan recognition as a deterministic full-information simultaneous-moves game and argues that rational players would play the Nash equilibrium in the game. The goal of the actor is to traverse an attack graph from a source to one of few targets and the observer can remove one of the edges in the attack graph per move.…”

Section: Background and Related Workmentioning

confidence: 99%

Single Real Goal, Magnitude-Based Deceptive Path-Planning

Zeng

Qin

et al. 2020

Entropy

View full text Add to dashboard Cite

Deceptive path-planning is the task of finding a path so as to minimize the probability of an observer (or a defender) identifying the observed agent’s final goal before the goal has been reached. It is one of the important approaches to solving real-world challenges, such as public security, strategic transportation, and logistics. Existing methods either cannot make full use of the entire environments’ information, or lack enough flexibility for balancing the path’s deceptivity and available moving resource. In this work, building on recent developments in probabilistic goal recognition, we formalized a single real goal magnitude-based deceptive path-planning problem followed by a mixed-integer programming based deceptive path maximization and generation method. The model helps to establish a computable foundation for any further imposition of different deception concepts or strategies, and broadens its applicability in many scenarios. Experimental results showed the effectiveness of our methods in deceptive path-planning compared to the existing one.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Single Real Goal, Magnitude-Based Deceptive Path-Planning

Zeng

Qin

et al. 2020

Entropy

View full text Add to dashboard Cite

show abstract

“…A closely related topic to deceptive path-planning is the deceptive or adversarial task planning. Braynov [35] presents a conceptual framework of planning and plan recognition as a deterministic full-information simultaneous-moves game, and argues that rational players would play the Nash equilibrium in the game. The goal of the actor is to traverse an attack graph from a source to one of few targets and the observer can remove one of the edges in the attack graph per move.…”

Section: Background and Related Workmentioning

confidence: 99%

Improving the Scalability of the Magnitude-Based Deceptive Path-Planning Using Subgoal Graphs

Zeng

et al. 2020

Entropy

View full text Add to dashboard Cite

Deceptive path-planning is the task of finding a path so as to minimize the probability of an observer (or a defender) identifying the observed agent’s final goal before the goal has been reached. Magnitude-based deceptive path-planning takes advantage of the quantified deceptive values upon each grid or position to generate paths that are deceptive. Existing methods using optimization techniques cannot satisfy the time constraints when facing with the large-scale terrain, as its computation time grows exponentially with the size of road maps or networks. In this work, building on recent developments in the optimal path planner, the paper proposes a hybrid solution between map scaling and hierarchical abstractions. By leading the path deception information down into a general purpose but highly-efficient path-planning formulation, the paper substantially speeds up the task upon large scale terrains with an admissible loss of deception.

show abstract

“…Deception technique has also been applied to malware analysis. A method using deception to analyze and protect attacks was proposed by Almeshekah et al (2014). Specifically, this method uses deception to inpel attackers toward honeypots, that is, analysis environments that mimic the production environment.…”

Section: Related Workmentioning

confidence: 99%

Design and implementation of hiding method for file manipulation of essential services by system call proxy using virtual machine monitor

Sato

Takahashi

Yamauchi

2019

IJSSC

View full text Add to dashboard Cite

Security or system management software is essential for keeping systems secure. If these essential services are stopped or disabled by attackers, damages to the system increase. Therefore, protecting essential services is crucial for preventing and mitigating attacks. To deter attacks on essential services, hiding information related to essential services is helpful. This paper describes design and implementation of a method to make files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM) environment. The proposed method consists of interposition and proxy execution of the system call function. In the proposed method, the virtual machine monitor (VMM) monitors system calls invoked in a protection target VM. If an essential process invokes system calls related to file manipulation, the VMM interposes the system call and collects information from the protection target VM. If the file is an essential file, the VMM requests proxy execution to the proxy VM on another VM. After proxy-execution of the system call, the proxy process returns the result to the VMM. Finally, the VMM returns the result and skips the execution of the original system call on the protection target VM. Thus, access to essential files by the essential service is skipped on the protection target VM, but the essential service can access the file content. With this mechanism, it is difficult for attackers to monitor access to essential files. In this paper, we describe the design, implementation, and evaluation of the proposed method.

show abstract

Planning and Integrating Deception into Computer Security Defenses

Cited by 87 publications

References 29 publications

Single Real Goal, Magnitude-Based Deceptive Path-Planning

Single Real Goal, Magnitude-Based Deceptive Path-Planning

Improving the Scalability of the Magnitude-Based Deceptive Path-Planning Using Subgoal Graphs

Design and implementation of hiding method for file manipulation of essential services by system call proxy using virtual machine monitor

Contact Info

Product

Resources

About