Computer network deception as a Moving Target Defense

Computer Network Defense (CND) has traditionally relied on reactive tools such as signature-based detectors, white/blacklisting, and intrusion detection/prevention systems. Event detection and correlation techniques may identify a threat, but that threat is then dealt with manually, usually through an obstruction-based response such as blocking. The literature shows that as threat sophistication grows, perimeter-based defenses are ineffective against competent adversaries: malicious actors are already seated behind enterprise defenses, navigating around the controls. We have developed a novel approach to CND, the Deception Environment. Under this framework we have built a live, unpredictable, and adaptable deception network that leverages virtualization/cloud technology, software-defined networking, introspection, and analytics. The environment not only provides the means to identify and contain a threat, but also makes it possible to study, understand, and develop protections against sophisticated adversaries. Its extensibility has enabled us to explore its application as a Moving Target Defense (MTD).
