Detecting Targeted Attacks by Multilayer Deception
Authors
Abstract
Over the past few years, enterprises have faced a growing number of highly customized and targeted attacks that use sophisticated techniques and go after important company assets, such as customer data and intellectual property. Unlike conventional attacks, targeted attacks are operated by experts who use multiple steps to gain access to sensitive assets and, most of the time, leave very few network traces behind for detection. In this paper, we propose a multi-layer deception system that provides an in-depth defense against such sophisticated targeted attacks. Specifically, based on previous knowledge and patterns of such attacks, we model the attacker as trying to compromise an enterprise network via multiple stages of penetration and propose defenses at each of these layers using deception-based detection. Because of the multiple layers of deception, the probability of detecting such an attack is greatly enhanced. We present a proof-of-concept implementation of one of the key deception methods proposed. Because an enterprise operates under financial constraints, we also model the design of the deception system as an optimization problem in order to minimize the total expected loss due to system deployment and asset compromise. We find that there is an optimal solution for deploying deception entities, and that overspending the budget on more entities will only increase the total expected loss to the enterprise. Such a system
Journal of Cyber Security and Mobility, Vol. 2, 175–199. © 2013 River Publishers. All rights reserved. doi 10.13052/jcsm2245-1439.224
Similar references
Contextual Binding and Deception Detection
Deception is frequently used in cyber attacks. Detecting deception is always a challenge, as witnessed in attacks in social media and other online environments. Contexts can help to identify deception. Unfortunately, there is not much literature available in this aspect. This paper explores the unique properties of contextual binding. It examines roles that it plays. It also proposes a novel ap...
Detecting Deception in the context of Web 2.0
Cybenko et al. [1] introduced the concept of cognitive hacking and described several countermeasures for defending against cognitive hacking. Cognitive hacking was defined as a disinformation attack on the mind of the end user of a networked computer system, e.g., a computer connected to the Internet. Cognitive hacking is a type of semantic attack as defined by Libicki, who described computer n...
Cyber Security of Water SCADA Systems: (II) Attack Detection using Enhanced Hydrodynamic Models
This article investigates the problem of detection and isolation of attacks on a water distribution network comprised of cascaded canal pools. The proposed approach employs a bank of delay-differential observer systems. The observers are based on an analytically approximate model of canal hydrodynamics. Each observer is insensitive to one fault/attack mode and sensitive to other modes. Design o...
MitiBox: Camouflage and Deception for Network Scan Mitigation
Reconnaissance, if successful, provides a definite tactical advantage in a battle and, as such, unsolicited computer network scans are often the precursors to more significant attacks against computer assets. In this paper, we introduce an original system whose purpose is to mitigate the benefits an attacker can expect from scanning a targeted network. In contrast to more traditional approaches...
Multiple Spoofing Adversaries Detection and Localization in Wireless Networks
The openness of wireless networks enables adversaries to masquerade as other devices. Wireless networks are vulnerable to spoofing attacks, which in turn enable many other forms of attack on the network. Wireless spoofing attacks are effortless to launch and can extensively impact the performance of networks. A physical property coupled with each node is proposed which uses spatial information, hard to...