TY - GEN
T1 - Cyber deception
T2 - 8th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2016
AU - Achleitner, Stefan
AU - La Porta, Thomas
AU - McDaniel, Patrick
AU - Sugrim, Shridatt
AU - Krishnamurthy, Srikanth V.
AU - Chadha, Ritu
N1 - Publisher Copyright:
© 2016 ACM.
PY - 2016/10/28
Y1 - 2016/10/28
N2 - Advanced targeted cyber attacks often rely on reconnaissance missions to gather information about potential targets and their location in a networked environment to identify vulnerabilities which can be exploited for further attack maneuvers. Advanced network scanning techniques are often used for this purpose and are automatically executed by malware-infected hosts. In this paper we formally define network deception to defend against reconnaissance and develop RDS (Reconnaissance Deception System), which is based on SDN (Software Defined Networking), to achieve deception by simulating virtual network topologies. Our system thwarts network reconnaissance by delaying the scanning techniques of adversaries and invalidating their collected information, while minimizing the performance impact on benign network traffic. We introduce approaches to defend against malicious network discovery and reconnaissance in computer networks, which are required for targeted cyber attacks such as Advanced Persistent Threats (APT). We show that our system is able to invalidate an attacker's information, delay the process of finding vulnerable hosts and identify the source of adversarial reconnaissance within a network, while only causing a minuscule performance overhead of 0.2 milliseconds per packet flow on average.
AB - Advanced targeted cyber attacks often rely on reconnaissance missions to gather information about potential targets and their location in a networked environment to identify vulnerabilities which can be exploited for further attack maneuvers. Advanced network scanning techniques are often used for this purpose and are automatically executed by malware-infected hosts. In this paper we formally define network deception to defend against reconnaissance and develop RDS (Reconnaissance Deception System), which is based on SDN (Software Defined Networking), to achieve deception by simulating virtual network topologies. Our system thwarts network reconnaissance by delaying the scanning techniques of adversaries and invalidating their collected information, while minimizing the performance impact on benign network traffic. We introduce approaches to defend against malicious network discovery and reconnaissance in computer networks, which are required for targeted cyber attacks such as Advanced Persistent Threats (APT). We show that our system is able to invalidate an attacker's information, delay the process of finding vulnerable hosts and identify the source of adversarial reconnaissance within a network, while only causing a minuscule performance overhead of 0.2 milliseconds per packet flow on average.
UR - http://www.scopus.com/inward/record.url?scp=85002253412&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85002253412&partnerID=8YFLogxK
U2 - 10.1145/2995959.2995962
DO - 10.1145/2995959.2995962
M3 - Conference contribution
AN - SCOPUS:85002253412
T3 - MIST 2016 - Proceedings of the International Workshop on Managing Insider Security Threats, co-located with CCS 2016
SP - 57
EP - 68
BT - MIST 2016 - Proceedings of the International Workshop on Managing Insider Security Threats, co-located with CCS 2016
PB - Association for Computing Machinery, Inc
Y2 - 28 October 2016
ER -