Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
Using Deep Learning to Generate Relational HoneyData Read chapter Read first chapter

2019 | OriginalPaper | Chapter

6. CONCEAL: A Strategy Composition for Resilient Cyber Deception: Framework, Metrics, and Deployment

Authors : Qi Duan, Ehab Al-Shaer, Mazharul Islam

Published in: Autonomous Cyber Deception

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

Cyber deception is a key proactive cyber resilience technique to reverse the current asymmetry that favors adversaries in cyber warfare by creating a significant confusion in discovering and targeting cyber assets. One of the key objectives for cyber deception is to hide the true identity of the cyber assets in order to effectively deflect adversaries away from critical targets, and detect their activities early in the kill chain.
Although many cyber deception techniques were proposed including using honeypots to represent fake targets and mutating IP addresses to frequently change the ground truth of the network configuration (Jafarian et al., IEEE Transactions on Information Forensics and Security 10(12):2562–2577 (2015)), none of these deception techniques is resilient enough to provide high confidence of concealing the identity of the network assets, particularly against sophisticated attackers. In fact, in this chapter our analytical and experimental work showed that highly resilient cyber deception is unlikely attainable using a single technique, but it requires an optimal composition of various concealment techniques to maximize the deception utility. We, therefore, present a new cyber deception framework, called CONCEAL, which is a composition of mutation, anonymity, and diversity to maximize key deception objectives, namely concealability, detectability, and deterrence, while constraining the overall deployment cost. We formally define the CONCEAL metrics for concealability, detectability, and deterrence to measure the effectiveness of CONCEAL. Finally, we present the deployment of CONCEAL as a service to achieve manageability and cost-effectiveness by automatically generating the optimal deception proxy configuration based on existing host/network configuration, risk constraints of network services, and budget constraints. Our evaluation experiments measure both the deception effectiveness based on the above metrics and the scalability of the CONCEAL framework.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
previous chapter Dynamic Bayesian Games for Adversarial and Defensive Cyber Deception
next chapter NetShifter: A Comprehensive Multi-Dimensional Network Obfuscation and Deception Solution
Literature
1.
2.
3.
Al-Shaer E (2009) Mutable networks, National cyber leap year summit 2009 participants ideas report. Tech. rep., Networking and Information Technology Research and Development (NTIRD)
4.
Al-Shaer E (2011) Toward network configuration randomization for moving target defense. In: Jajodia S, Ghosh AK, Swarup V, Wang C, Wang XS (eds) Moving Target Defense, Advances in Information Security, vol 54, Springer New York, pp 153–159
5.
Anagnostakis KG, Sidiroglou S, Akritidis P, Xinidis K, Markatos EP, Keromytis AD (2005) Detecting targeted attacks using shadow honeypots. In: Usenix Security
6.
7.
Budiarto R, Samsudin A, Heong CW, Noori S (2004) Honeypots: why we need a dynamics honeypots? In: Information and Communication Technologies: From Theory to Applications, 2004. Proceedings. 2004 International Conference on, IEEE, pp 565–566
8.
9.
Hutchins EM, Cloppert MJ, Amin RM (2011) Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research 1:80
10.
Jafarian H, Niakanlahiji A, Al-Shaer E, Duan Q (2016) Multi-dimensional host identity anonymization for defeating skilled attackers. In: Proceedings of the 2016 ACM Workshop on Moving Target Defense, ACM, New York, NY, USA, MTD ’16, pp 47–58, DOI 10.1145/2995272.2995278, URL http://​doi.​acm.​org/​10.​1145/​2995272.​2995278
11.
Jafarian JH, Al-Shaer E, Duan Q (2012) Openflow random host mutation: transparent moving target defense using software defined networking. In: Proceedings of the first workshop on Hot topics in software defined networks, ACM, pp 127–132
12.
Jafarian JH, Al-Shaer E, Duan Q (2015) An effective address mutation approach for disrupting reconnaissance attacks. IEEE Transactions on Information Forensics and Security 10(12):2562–2577CrossRef
13.
Jafarian JHH, Al-Shaer E, Duan Q (2014) Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers. In: Proceedings of the First ACM Workshop on Moving Target Defense, ACM, MTD ’14, pp 69–78
14.
15.
McClure S, Scambray J, Kurtz G, Kurtz (2005) Hacking exposed: network security secrets and solutions, vol 6. McGraw-Hill/Osborne New York
16.
Medved J, Varga R, Tkacik A, Gray K (2014) Opendaylight: Towards a model-driven SDN controller architecture. In: World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2014 IEEE 15th International Symposium on a, IEEE, pp 1–6
17.
Michalski J, Price C, Stanton E, Lee E, Seah CK, TAN YH, Pheng C (2002) Final report for the network security mechanisms utilizing network address translation LDRD project. technical report sand2002-3613. Tech. rep., Sandia National Laboratories
18.
Michalski JT (2006) Network security mechanisms utilising network address translation. International Journal of Critical Infrastructures 2(1):10–49CrossRef
19.
Rowe NC, Custy EJ, Duong BT (2007) Defending cyberspace with fake honeypots. Journal of Computers 2(2):25–36CrossRef
20.
Sun J, Sun K (2016) DESIR: Decoy-enhanced seamless IP randomization. In: INFOCOM 2016
21.
Team M (2012) Mininet: An instant virtual network on your laptop (or other pc)
Metadata
Title
CONCEAL: A Strategy Composition for Resilient Cyber Deception: Framework, Metrics, and Deployment
Authors
Qi Duan
Ehab Al-Shaer
Mazharul Islam
Copyright Year
2019
Book
Autonomous Cyber Deception

Print ISBN: 978-3-030-02109-2

Electronic ISBN: 978-3-030-02110-8

Copyright Year: 2019

DOI
https://doi.org/10.1007/978-3-030-02110-8_6

Premium Partner

    Image Credits