nach oben

vorheriges Kapitel Cyber-Deception and Attribution in Capture-the-...

Tipp

Weitere Kapitel dieses Buchs durch Wischen aufrufen

2016 | OriginalPaper | Buchkapitel

Deceiving Attackers by Creating a Virtual Attack Surface

Erstes Kapitel lesen

Autoren: Massimiliano Albanese, Ermanno Battista, Sushil Jajodia

Verlag: Springer International Publishing

Jetzt einloggen

Erschienen in: Cyber Deception

» Jetzt Zugang zum Volltext erhalten

Abstract

Cyber attacks are typically preceded by a reconnaissance phase in which attackers aim at collecting valuable information about the target system, including network topology, service dependencies, operating systems, and unpatched vulnerabilities. Unfortunately, when system configurations are static, attackers will always be able, given enough time, to acquire accurate knowledge about the target system through a variety of tools—including operating system and service fingerprinting—and engineer effective exploits. To address this important problem, many techniques have been devised to dynamically change some aspects of a system’s configuration in order to introduce uncertainty for the attacker. In this chapter, we present a graph-based approach for manipulating the attacker’s view of a system’s attack surface, which addresses several limitations of existing techniques. To achieve this objective, we formalize the notions of system view and distance between views. We then define a principled approach to manipulating responses to attacker’s probes so as to induce an external view of the system that satisfies certain desirable properties. In particular, we propose efficient algorithmic solutions to two classes of problems, namely (1) inducing an external view that is at a minimum distance from the internal view, while minimizing the cost for the defender; (2) inducing an external view that maximizes the distance from the internal view, given an upper bound on the cost for the defender. In order to demonstrate practical applicability of the proposed approach, we present deception-based techniques for defeating an attacker’s effort to fingerprint operating systems and services on the target system. These techniques consist in manipulating outgoing traffic so that it resembles traffic generated by a completely different system. Experimental results show that our approach can efficiently and effectively deceive an attacker.

Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten

Jetzt einloggen Kostenlos registrieren

Sie möchten Zugang zu diesem Inhalt erhalten? Dann informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit dem Kombi-Abo erhalten Sie vollen Zugriff auf über 1,8 Mio. Dokumente aus mehr als 61.000 Fachbüchern und rund 500 Fachzeitschriften aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Umwelt
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe

Testen Sie jetzt 30 Tage kostenlos.

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit dem Technik-Abo erhalten Sie Zugriff auf über 1 Mio. Dokumente aus mehr als 40.000 Fachbüchern und 300 Fachzeitschriften aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Umwelt
Maschinenbau + Werkstoffe

Testen Sie jetzt 30 Tage kostenlos.

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit dem Wirtschafts-Abo erhalten Sie Zugriff auf über 1 Mio. Dokumente aus mehr als 45.000 Fachbüchern und 300 Fachzeitschriften aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb

Testen Sie jetzt 30 Tage kostenlos.

Jetzt informieren

F. H. Abbasi, R. J. Harris, G. Moretti, A. Haider, and N. Anwar. Classification of malicious network streams using honeynets. In Proceedings of the IEEE Conference on Global Communications (GLOBECOM 2012), pages 891–897, Anaheim, CA, USA, December 2012. IEEE.

M. Albanese, S. Jajodia, A. Pugliese, and V. S. Subrahmanian. Scalable analysis of attack scenarios. In Proceedings of the 16th European Symposium on Research in Computer Security (ESORICS 2011), pages 416–433, Leuven, Belgium, September 2011. Springer.

M. Albanese, A. De Benedictis, S. Jajodia, and K. Sun. A moving target defense mechanism for manets based on identity virtualization. In Proceedings of the 1st IEEE Conference on Communications and Network Security (IEEE CNS 2013), pages 278–286, Washington, DC, USA, October 2013. IEEE.

M. Albanese, E. Battista, S. Jajodia, and V. Casola. Manipulating the attacker’s view of a system’s attack surface. In Proceedings of the 2nd IEEE Conference on Communications and Network Security (IEEE CNS 2014), pages 472–480, San Francisco, CA, USA, October 2014.

M. Albanese, E. Battista, and S. Jajodia. A deception based approach for defeating OS and service fingerprinting. In Proceedings of the 3rd IEEE Conference on Communications and Network Security (IEEE CNS 2015), pages 253–261, Florence, Italy, September 2015.

P. Auffret. SinFP, unification of active and passive operating system fingerprinting. Journal in Computer Virology, 6(3):197–205, August 2010.

D. Barroso Berrueta. A practical approach for defeating Nmap OS-Fingerprinting. http://nmap.org/misc/defeat-nmap-osdetect.html, January 2003.

V. Casola, A. De Benedictis, and M. Albanese. A moving target defense approach for protecting resource-constrained distributed devices. In Proceedings of the 14th International Conference on Information Reuse and Integration (IEEE IRI 2013), pages 22–29, San Francisco, CA, USA, August 2013.

V. Casola, A. De Benedictis, and M. Albanese. Integration of Reusable Systems, chapter A Multi-Layer Moving Target Defense Approach for Protecting Resource-Constrained Distributed Devices. Advances in Intelligent and Soft Computing. Springer, 2013.

10.

C.-M. Chen, S.-T. Cheng, and R.-Y. Zeng. A proactive approach to intrusion detection and malware collection. Security and Communication Networks, 6(7):844–853, July 2013.

11.

Q. Duan, E. Al-Shaer, and H. Jafarian. Efficient random route mutation considering flow and network constraints. In Proceedings of the 1st IEEE Conference on Communications and Network Security (IEEE CNS 2013), pages 260–268, Washington, DC, USA, October 2013. IEEE.

12.

M. Dunlop, S. Groat, R. Marchany, and J. Tront. Implementing an IPv6 moving target defense on a live network. In Proceedings of the National Moving Target Research Symposium, Annapolis, MD, USA, June 2012.

13.

Executive Office of the President, National Science and Technology Council. Trustworthy cyberspace: Strategic plan for the federal cybersecurity research and development program. http://www.whitehouse.gov/, December 2011.

14.

R. Gula. Enhanced operating system identification with Nessus. http://www.tenable.com/blog/enhanced-operating-system-identification-with-nessus, February 2009.

15.

J. H. Jafarian, E. Al-Shaer, and Q. Duan. OpenFlow random host mutation: Transparent moving target defense using software defined networking. In Proceedings of the 1st Workshop on Hot Topics in Software Defined Networks (HotSDN 2012), pages 127–132, Helsinki, Finland, August 2012. ACM.

16.

S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, editors. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, volume 54 of Advances in Information Security. Springer, 1st edition, 2011.

17.

G. F. Lyon. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. Insecure, 2009.

18.

P. K. Manadhata and J. M. Wing. An attack surface metric. IEEE Transactions on Software Engineering, 37(3):371–386, May 2011.

19.

A. Rana. What is AMap and how does it fingerprint applications? http://www.sans.org/security-resources/idfaq/amap.php, March 2014.

20.

G. Shu and D. Lee. Network protocol system fingerprinting - a formal approach. In Proceedings of the 25th IEEE International Conference on Computer Communications (INFOCOM 2006). IEEE, April 2006.

21.

C. Trowbridge. An overview of remote operating system fingerprinting. SANS Institute InfoSec Reading Room, July 2003.

22.

D. Watson, M. Smart, G. R. Malan, and F. Jahanian. Protocol scrubbing: Network security through transparent flow modification. IEEE/ACM Transactions on Networking, 12(2): 261–273, April 2004.

23.

M. Zalewski. p0f v3 (version 3.06b). http://lcamtuf.coredump.cx/p0f3/, January 2012.

Titel

Deceiving Attackers by Creating a Virtual Attack Surface

Buch

Cyber Deception

Print ISBN: 978-3-319-32697-9

Electronic ISBN: 978-3-319-32699-3

https://doi.org/10.1007/978-3-319-32699-3

DOI

https://doi.org/10.1007/978-3-319-32699-3_8

Autoren:

Massimiliano Albanese
Ermanno Battista
Sushil Jajodia

Verlag

Springer International Publishing

Sequenznummer

Premium Partner

BranchenIndex Online

Die B2B-Firmensuche für Industrie und Wirtschaft: Kostenfrei in Firmenprofilen nach Lieferanten, Herstellern, Dienstleistern und Händlern recherchieren.

Zur B2B-Firmensuche

Whitepaper

- ANZEIGE -

Best Practices für die Mitarbeiter-Partizipation in der Produktentwicklung

Unternehmen haben das Innovationspotenzial der eigenen Mitarbeiter auch außerhalb der F&E-Abteilung erkannt. Viele Initiativen zur Partizipation scheitern in der Praxis jedoch häufig. Lesen Sie hier - basierend auf einer qualitativ-explorativen Expertenstudie - mehr über die wesentlichen Problemfelder der mitarbeiterzentrierten Produktentwicklung und profitieren Sie von konkreten Handlungsempfehlungen aus der Praxis.
Jetzt gratis downloaden!

Bildnachweise

Neuer Inhalt/© ITandMEDIA, Best Practices für die Mitarbeiter-Partizipation in der Produktentwicklung/© astrosystem | stock.adobe.com