Thwarting Cyber-Attack Reconnaissance with Inconsistency and Deception

Rowe, Neil C.; Goh, Han Chong

doi:10.1109/iaw.2007.381927

Cited by 20 publications

(11 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, Rowe and Goh observed increasing number of attacks after the system went down and came back up. This analysis suggests that keeping an existing long-used IP address and responding normally to packets might lead to a decrease in the number of attacks [38].…”

Section: Counter Counter-deceptionmentioning

confidence: 99%

Use of Deception to Improve Client Honeypot Detection of Drive-by-Download Attacks

Endicott-Popovsky

Narvaez

Seifert

et al. 2009

Foundations of Augmented Cognition. Neuroergonomics and Operational Neuroscience

View full text Add to dashboard Cite

Abstract. This paper presents the application of deception theory to improve the success of client honeypots at detecting malicious web page attacks from infected servers programmed by online criminals to launch drive-by-download attacks. The design of honeypots faces three main challenges: deception, how to design honeypots that seem real systems; counter-deception, techniques used to identify honeypots and hence defeating their deceiving nature; and counter counter-deception, how to design honeypots that deceive attackers. The authors propose the application of a deception model known as the deception planning loop to identify the current status on honeypot research, development and deployment. The analysis leads to a proposal to formulate a landscape of the honeypot research and planning of steps ahead.

show abstract

Section: Counter Counter-deceptionmentioning

confidence: 99%

Use of Deception to Improve Client Honeypot Detection of Drive-by-Download Attacks

Endicott-Popovsky

Narvaez

Seifert

et al. 2009

Foundations of Augmented Cognition. Neuroergonomics and Operational Neuroscience

View full text Add to dashboard Cite

show abstract

“…Rowe presents Naval Postgraduate School experimental results that demonstrate that attackers can be manipulated by deception [1], and describes a spoofing channel application used to serve spoofs to intruders as a response to Intrusion Detection System (IDS) alerts [2]. Provos describes how fingerprinting tools (e.g.…”

Section: Introductionmentioning

confidence: 99%

A social agent dynamic honeynet for attack modeling

Çağlayan

Alavedra

Toothaker

et al. 2012

2012 IEEE Conference on Technologies for Homeland Security (HST)

View full text Add to dashboard Cite

In our paper we present initial findings related to an effort to develop an agent based dynamic honeynet that simulates user interactions with social networks for the purposes of developing attack models. Our solution allows security professionals to create networks simulating user activity for companies and government entities through the provision of a set of parameters. Our research pointed to the importance of instantiating a social dimension to our virtual agents, providing the agent with the ability to interact with a variety of social networks. For this purpose, we developed influence models to learn patterns from actual users' activity on social networks to improve the effectiveness of the social agents. We discuss our responses to the technical challenges and analytically investigate the initial results of our honeynet's ability to attract adversary activity.

show abstract

“…It can be aided by metrics for detecting national, political, social, or cultural bias in the targets of malicious network traffic. Standard statistical techniques can suggest that the victims represent a particular political perspective or country's interest more than a random sample would (Rowe and Goh, 2007). For instance, a significance test on a linear metric encoding political or social agendas can provide a first approximation, while the Kullback-Leibler divergence can characterize the extent of difference between expected and observed traffic distributions.…”

Section: Network Monitoring For Cyberweaponsmentioning

confidence: 99%

Stuxnet

Oliver¹

2016

Conflict and Cooperation in Cyberspace

View full text Add to dashboard Cite

A cyberweapon can be as dangerous as any weapon. Fortunately, recent technology now provides some tools for cyberweapons control. Digital forensics can be done on computers seized during or after hostilities. Cyberweapons differ significantly from other software, especially during their development, and recent advances in summarizing the contents of storage media can locate possible cyberweapons quickly. In addition, use of cyberweapons can be distinguished from the usual malicious Internet traffic by being aimed at targets associated with political, social, and cultural issues that are often known well in advance, and we can monitor those targets. Cyberweapons are relatively unreliable compared to other kinds of weapons because they depend on flaws in software, and flaws can get fixed; cyberweapons therefore require considerable testing, preferably against live targets, and this testing may be observable. So international "cyberarms agreements" could provide for forensics on cyberweapons and usage monitoring. Agreements can also encourage cyberweapons use to be more responsible by stipulating attribution and reversibility. We conclude with a discussion of the kinds of international agreements that are desirable, and examine the recent increasing interest of the United States government in such agreements.

show abstract

Thwarting Cyber-Attack Reconnaissance with Inconsistency and Deception

Abstract: Abstract

Cited by 20 publications

References 15 publications

Use of Deception to Improve Client Honeypot Detection of Drive-by-Download Attacks

Use of Deception to Improve Client Honeypot Detection of Drive-by-Download Attacks

A social agent dynamic honeynet for attack modeling

Stuxnet

Contact Info

Product

Resources

About