Detecting Targeted Attacks by Multilayer Deception

Authors

  • Wei Wang
  • Jeffrey Bickford
  • Ilona Murynets
  • Ramesh Subbaraman
  • Andrea G. Forte
  • Gokul Singaraju
Abstract

Over the past few years, enterprises have been facing a growing number of highly customized and targeted attacks that use sophisticated techniques and go after important company assets, such as customer data and intellectual property. Unlike conventional attacks, targeted attacks are operated by experts who use multiple steps to gain access to sensitive assets and, most of the time, leave very few network traces behind for detection. In this paper, we propose a multi-layer deception system that provides an in-depth defense against such sophisticated targeted attacks. Specifically, based on previous knowledge and patterns of such attacks, we model the attacker as trying to compromise an enterprise network via multiple stages of penetration and propose defenses at each of these layers using deception-based detection. Due to multiple layers of deception, the probability of detecting such an attack will be greatly enhanced. We present a proof-of-concept implementation of one of the key deception methods proposed. Due to various financial constraints of an enterprise, we also model the design of the deception system as an optimization problem in order to minimize the total expected loss due to system deployment and asset compromise. We find that there is an optimal solution to deploy deception entities, and even overspending the budget on more entities will only increase the total expected loss to the enterprise. Such a system

Journal of Cyber Security and Mobility, Vol. 2, 175–199. © 2013 River Publishers. All rights reserved. doi: 10.13052/jcsm2245-1439.224


Similar resources

Contextual Binding and Deception Detection

Deception is frequently used in cyber attacks. Detecting deception is always a challenge, as witnessed in attacks in social media and other online environments. Contexts can help to identify deception. Unfortunately, there is not much literature available in this aspect. This paper explores the unique properties of contextual binding. It examines roles that it plays. It also proposes a novel ap...


Detecting Deception in the context of Web 2.0

Cybenko et al. [1] introduced the concept of cognitive hacking and described several countermeasures for defending against cognitive hacking. Cognitive hacking was defined as a disinformation attack on the mind of the end user of a networked computer system, e.g., a computer connected to the Internet. Cognitive hacking is a type of semantic attack as defined by Libicki, who described computer n...


Cyber Security of Water SCADA Systems: (II) Attack Detection using Enhanced Hydrodynamic Models

This article investigates the problem of detection and isolation of attacks on a water distribution network comprised of cascaded canal pools. The proposed approach employs a bank of delay-differential observer systems. The observers are based on an analytically approximate model of canal hydrodynamics. Each observer is insensitive to one fault/attack mode and sensitive to other modes. Design o...


MitiBox: Camouflage and Deception for Network Scan Mitigation

Reconnaissance, if successful, provides a definite tactical advantage in a battle and, as such, unsolicited computer network scans are often the precursors to more significant attacks against computer assets. In this paper, we introduce an original system whose purpose is to mitigate the benefits an attacker can expect from scanning a targeted network. In contrast to more traditional approaches...


Multiple Spoofing Adversaries Detection and Localization in Wireless Networks

The openness of wireless networks enables adversaries to masquerade as other devices. Wireless networks are vulnerable to spoofing attacks, which allow many forms of attack in the network. Wireless spoofing attacks are effortless to start and can extensively impact the performance of networks. A physical property coupled with each node is proposed which uses spatial information, hard to...


Publication date: 2013