Abstract
Cyber deception has emerged as a promising approach to increase the amount of effort required to conduct an attack campaign. Since the beginning of deception, several honey-based technologies have been built to defend individual portions of a network attack surface. Different honey-based technologies can be combined to further increase attackers’ cost and elicit behaviors from them which facilitate understanding their intentions and capabilities. Combining different deceptive elements would create a deceptive network surface. As attackers vary in their intentions and capabilities, presenting them with a one-size-fits-all deceptive network surface is inadequate. Therefore, there is clear need for dynamic deceptive network surfaces that are tailored to protect against different adversary classes. In a resource-constrained environment, enabling large-scale monitoring, data processing, deception planning and subsequently, deploying a customized deceptive network surface in real-time will be challenging if done manually. We envision that models inspired from the autonomic computing paradigm can efficiently tackle such challenges. To enable the development of such models and provide empirical evidence to validate their efficacy, in this chapter, we will present a framework that can act as a common platform to study different autonomic computing models. The framework is built on top of an existing deception platform called ACyDS. We will describe the current platform and enumerate its capabilities such as sensing the environment and generating deceptive network surfaces. We will also show how a well-known autonomic computing architecture called MAPE-K can be realized through our framework.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Almeshekah MH, Spafford EH, Atallah MJ (2013) Improving security using deception. Center for Education and Research Information Assurance and Security, Purdue University, Tech. Rep. CERIAS Tech Report 13 (2013).
Achleitner S, Porta TL, McDaniel P, Sugrim S, Krishnamurthy SV, Chadha R (2016) Cyber deception: Virtual networks to defend insider reconnaissance. In Proceedings of the 8th ACM CCS international workshop on managing insider security threats, pp. 57–68.
Bercovitch M, Renford M, Hasson L, Shabtai A, Rokach L, Elovici Y (2011) HoneyGen: An automated honeytokens generator. In Intelligence and Security Informatics (ISI), 2011 IEEE International Conference on, pp. 131–136. IEEE.
BIND. http://www.bind9.ne.
Carroll TE, Daniel G (2011) A game theoretic investigation of deception in network security. Security and Communication Networks 4, no. 10: pp. 1162–1172.
Chiang CJ, Gottlieb YM, Sugrim S, Chadha R, Serban C, Poylisher A, Marvel LM, Santos J (2016) ACyDS: An adaptive cyber deception system. In Military Communications Conference, MILCOM 2016, pp. 800–805.
Dionaea. https://github.com/DinoTools/dionaea. Retrieved on 17 July 2018.
Duan Q, Al-Shaer E, Jafarian H (2013) Efficient random route mutation considering flow and network constraints. In IEEE Conference on Communications and Network Security (CNS), pp. 260–268.
Fishburn PC (1970) Utility theory for decision making. No. RAC-R-105. Research analysis corp McLean, VA.
Ganesan R, Jajodia S, Shah A, Cam H (2016) Dynamic scheduling of cybersecurity analysts for minimizing risk using reinforcement learning. ACM Transactions on Intelligent Systems and Technology (TIST) 8, no. 1: pp. 4.
Golla M, Beuscher B, Drmuth M (2016) On the security of cracking-resistant password vaults. In Proceedings of ACM SIGSAC Conference on Computer and Communications Security, pp. 1230–1241. ACM.
Huebscher MC, McCann JA (2008) A survey of autonomic computing - degrees, models, and applications. ACM Computing Surveys (CSUR) 40, no. 3: pp. 7.
IBM Group (2003) An architectural blueprint for autonomic computing. IBM White paper.
OpenFlow. https://www.opennetworking.org/software-defined-standards/specifications/, retrieved on 17 July 2018.
Jajodia S, Ghosh AK, Swarup V, Wang C, Wang XS, eds (2011) Moving target defense: creating asymmetric uncertainty for cyber threats.’ Vol. 54. Springer Science & Business Media.
Juels A, Rivest RL (2013) Honeywords: Making password-cracking detectable. In Proceedings of ACM SIGSAC conference on Computer & communications security, pp. 145–160. ACM.
Kippo - SSH Honeypot. https://github.com/desaster/kippo. Retrieved on 3 November 2018.
Open vSwitch. https://www.openvswitch.org/. Retrieved on 17 July 2018.
Provos N (2003) Honeyd-a virtual honeypot daemon. In 10th DFN-CERT Workshop, Hamburg, Germany, vol. 2, p. 4.
RYU. https://osrg.github.io/ryu/. Retrieved on 5 October 2018.
Robertson S, Alexander S, Micallef J, Pucci J, Tanis J, Macera A (2015) CINDAM: Customized information networks for deception and attack mitigation. In IEEE International Conference on Self-Adaptive and Self-Organizing Systems Workshops (SASOW), pp. 114–119. IEEE.
Venkatesan S, Sugrim S, Izmailov R, Chiang CJ, Chadha R, Doshi B, Hoffman B, Newcomb EA, Buchler N. On Detecting Manifestation of Adversary Characteristics. Accepted in IEEE MILCOM, 2018.
Acknowledgements
This research was sponsored by the U.S. Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation here on.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Venkatesan, S., Sugrim, S., Youzwak, J.A., Chiang, CY.J., Chadha, R. (2020). A Framework for Studying Autonomic Computing Models in Cyber Deception. In: Jajodia, S., Cybenko, G., Subrahmanian, V., Swarup, V., Wang, C., Wellman, M. (eds) Adaptive Autonomous Secure Cyber Systems. Springer, Cham. https://doi.org/10.1007/978-3-030-33432-1_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-33432-1_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-33431-4
Online ISBN: 978-3-030-33432-1
eBook Packages: Computer ScienceComputer Science (R0)