Using a Novel Behavioral Stimuli-Response Framework to Defend Against Adversarial Cyberspace Participants

Autonomous Baiting, Control and Deception of Adversarial Cyberspace Participants (ABCD-ACP) is an experimental defensive framework against potentially adversarial cyberspace participants, such as malicious software and subversive insiders. By deploying fake targets (called baits or stimuli) into a virtualized environment, the framework seeks to probabilistically identify suspicious participants from their aggregate suspicious behavior, subvert their decision structure and goad them into a position favorable to the defense. Baits include the simulated insertion of readable and writable drives with weak or no passwords, marked doc/pdf/txt/exe/cad/xls/dat files, processes with popular target names, and processes that detect thread injection.
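The aggregation step the abstract describes, identifying a participant from the accumulated evidence of its bait interactions, as an added illustration that is not code from the paper or the ABCD-ACP framework. The bait names, the per-bait likelihood ratios, the prior, the threshold and the event log are all constructed for this example.

```python
from math import log, exp

# Bait catalogue modelled on the bait types named in the abstract. The
# likelihood ratios (how much more likely a hostile participant is than a
# benign one to touch each bait) are constructed values for this example.
BAIT_LIKELIHOOD_RATIO = {
    "weak_password_drive": 8.0,   # simulated drive with weak/no password
    "marked_document":     4.0,   # marked doc/pdf/txt/xls/dat file
    "marked_executable":   6.0,   # marked exe file
    "popular_target_name": 5.0,   # process carrying a popular target name
    "thread_injection":   20.0,   # bait process observed a thread injection
}

PRIOR_HOSTILE = 0.01   # assumed base rate of adversarial participants
FLAG_THRESHOLD = 0.9   # posterior above which a participant is flagged

# Constructed sample of bait-interaction events (key=value records);
# participant names and timestamps are invented for this example.
SAMPLE_EVENTS = """\
ts=1 participant=svc_updater action=mount bait=weak_password_drive
ts=2 participant=svc_updater action=read bait=marked_document
ts=3 participant=svc_updater action=read bait=marked_document
ts=4 participant=svc_updater action=exec bait=marked_executable
ts=5 participant=svc_updater action=inject bait=thread_injection
ts=6 participant=alice action=read bait=marked_document
ts=7 participant=alice action=read file=quarterly_report.xls
"""

def parse_events(text):
    """Turn key=value lines into dicts; a line without a bait field still
    records the participant but contributes no evidence."""
    events = []
    for line in text.splitlines():
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if "participant" in fields:
            events.append(fields)
    return events

def posterior_hostile(baits_touched, prior=PRIOR_HOSTILE):
    """Aggregate the distinct baits a participant touched with Bayes' rule in
    log-odds form. Each bait counts once: repeated touches of the same bait
    are not treated as independent evidence."""
    log_odds = log(prior / (1 - prior))
    for bait in set(baits_touched):
        if bait in BAIT_LIKELIHOOD_RATIO:
            log_odds += log(BAIT_LIKELIHOOD_RATIO[bait])
    return 1.0 / (1.0 + exp(-log_odds))

def score_participants(text, threshold=FLAG_THRESHOLD):
    """Return {participant: (posterior, flagged)} for every participant seen."""
    touched = {}
    for ev in parse_events(text):
        touched.setdefault(ev["participant"], [])
        if "bait" in ev:
            touched[ev["participant"]].append(ev["bait"])
    return {p: (posterior_hostile(b), posterior_hostile(b) >= threshold)
            for p, b in touched.items()}
```

With the constructed log, the participant that touched four distinct baits lands near 0.97 and is flagged, while the user who opened one marked file stays below 0.05.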
