Cyber deception: Virtual networks to defend insider reconnaissance

Stefan Achleitner, Thomas La Porta, Patrick McDaniel, Shridatt Sugrim, Srikanth V. Krishnamurthy, Ritu Chadha

Research output: Chapter in Book/Report/Conference proceedingConference contribution

70 Scopus citations

Abstract

Advanced targeted cyber attacks often rely on reconnaissance missions to gather information about potential targets and their location in a networked environment to identify vulnerabilities which can be exploited for further attack maneuvers. Advanced network scanning techniques are often used for this purpose and are automatically executed by malware infected hosts. In this paper we formally define network deception to defend reconnaissance and develop RDS (Reconnaissance Deception System), which is based on SDN (Software Defined Networking), to achieve deception by simulating virtual network topologies. Our system thwarts network reconnaissance by delaying the scanning techniques of adversaries and invalidating their collected information, while minimizing the performance impact on benign network traffic. We introduce approaches to defend malicious network discovery and reconnaissance in computer networks, which are required for targeted cyber attacks such as Advanced Persistent Threats (APT). We show, that our system is able to invalidate an attackers information, delay the process of finding vulnerable hosts and identify the source of adversarial reconnaissance within a network, while only causing a minuscule performance overhead of 0.2 milliseconds per packet ow on average.

Original languageEnglish (US)
Title of host publicationMIST 2016 - Proceedings of the International Workshop on Managing Insider Security Threats, co-located with CCS 2016
PublisherAssociation for Computing Machinery, Inc
Pages57-68
Number of pages12
ISBN (Electronic)9781450345712
DOIs
StatePublished - Oct 28 2016
Event8th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2016 - Vienna, Austria
Duration: Oct 28 2016 → …

Publication series

NameMIST 2016 - Proceedings of the International Workshop on Managing Insider Security Threats, co-located with CCS 2016

Other

Other8th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2016
Country/TerritoryAustria
CityVienna
Period10/28/16 → …

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Science Applications

Fingerprint

Dive into the research topics of 'Cyber deception: Virtual networks to defend insider reconnaissance'. Together they form a unique fingerprint.

Cite this