A deception is often enabled by cloaking or disguising the true intent and corresponding actions of the perpetrating actor. In cyber deception, the degree to which actions are disguised or cloaked is typically called “covertness.” In this chapter, we describe a novel approach to quantifying cyber covertness, a specific attribute of malware relative to specific alert logic that the defender uses. We propose that the covertness of an offensive cyber operation in an adversarial environment is derived from the probability that the operation is detected by the defender. We show that this quantitative concept can be computed using Covertness Block Diagrams that are related to classical reliability block diagrams used for years in the reliability engineering community. This requires methods for modeling the malware and target network defenses that allow us to calculate a quantitative measure of covertness which is interpreted as the probability of detection. Called the Covertness Score, this measure can be used by attackers to design a stealthier method of completing their mission as well as by defenders to understand the detection limitations of their defenses before they are exploited.
[1]
R.G. Bennetts.
Analysis of Reliability Block Diagrams by Boolean Techniques
,
1982,
IEEE Transactions on Reliability.
[2]
E. DeLong,et al.
Comparing the areas under two or more correlated receiver operating characteristic curves: a nonparametric approach.
,
1988,
Biometrics.
[3]
Marko Čepin,et al.
Reliability Block Diagram
,
2011
.
[4]
Christopher Krügel,et al.
Effective and Efficient Malware Detection at the End Host
,
2009,
USENIX Security Symposium.
[5]
J. Miller,et al.
The Institution of Electrical Engineers
,
2006,
Nature.
[6]
U. Bayer,et al.
TTAnalyze: A Tool for Analyzing Malware
,
2006
.
[7]
Thomas M. Cover,et al.
Elements of Information Theory
,
2005
.
[8]
Sandeep Yadav,et al.
Detecting algorithmically generated malicious domain names
,
2010,
IMC '10.
[9]
Michael O. Ball,et al.
Computational Complexity of Network Reliability Analysis: An Overview
,
1986,
IEEE Transactions on Reliability.