A Deception Framework for Survivability Against Next Generation Cyber Attacks
Ruchika Mehresh and Shambhu Upadhyaya
Department of Computer Science and Engineering, University at Buffalo, Buffalo, NY 14260
Motivation
The asymmetric warfare
• Kinds of sophisticated attacks happening lately:
  • Botnets, command and control
  • Operation Aurora
  • Stuxnet
Problem Statement
How to enable critical systems to survive the next generation of sophisticated attacks
Deception
Introduction
• Survivability is the ability of a system to perform its mission (essential operations) in the presence of attacks, faults or accidents
• Focus is on how to survive an attack
• Does not focus on the source or type of attack
Introduction
• Survivability involves four phases:
  • Prevention against faults/attacks
  • Detection of faults/attacks
  • Recovery from faults/attacks
  • Adaptation/Evolution to avoid future attacks
• Timeliness property
Introduction
• Next-generation attack assessment
• Formal requirements
• Deception as a tool of defense
• Proposed framework
Underlying pattern in sophisticated attacks [6]
Features:
• Multi-shot
• Stealth
• Contingency plan
Solution
Formal system requirements
• Recognizing the smart adversary
• Prevention
• Surreptitious detection
• Effective recovery with adaptation
• Zero-day attacks
Formal system requirements
• Conserving the timeliness property
• Non-verifiable deception
Deception as a tool of defense
• Preventive deception
  • Hiding, distraction, dissuasion
• Detection
  • Honeypot farm
• Recovery
  • Concealing the detection until an effective patch has been worked out
Work in progress
• Design issues
  • Controlling the feedback loop
  • Smart-box design
  • Assess the nature of the traffic flow
  • Map AIOS to a honeypot
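The slides on the attack pattern (multi-shot, stealth), on deception as a detection and recovery tool (honeypot farm, concealing the detection until a patch exists) and on the work-in-progress feedback loop describe a controller without showing one. The following is an added illustration written for this page, not code from the authors' framework: a small controller that scores the stages of a multi-shot attack per source, diverts a suspicious session to a honeypot without any adversary-visible block (non-verifiable deception), and keeps the deception in place until a patch_ready flag is set. The stage names, weights, threshold, source addresses and all function names are assumptions constructed for the example.

```python
"""Added example (not part of the original slides): surreptitious detection
with honeypot diversion, kept concealed until an effective patch exists.
Stage weights, threshold, and source addresses are constructed."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed weights for the stages of a multi-shot attack. Each stage on
# its own looks benign; only the accumulated sequence from one source is
# suspicious, which is what the per-source score captures.
STAGE_WEIGHTS = {"recon": 1, "foothold": 2, "lateral": 3, "exfil": 4}
SUSPICION_THRESHOLD = 5  # assumed value; reached only after several stages


@dataclass
class Decision:
    target: str          # "production", "honeypot" or "blocked"
    visible_block: bool  # True means the source can verify it was detected


@dataclass
class DeceptionController:
    patch_ready: bool = False
    scores: dict = field(default_factory=lambda: defaultdict(int))
    diverted: set = field(default_factory=set)
    pending_recovery: list = field(default_factory=list)

    def observe(self, src: str, stage: str) -> Decision:
        """Score one observed stage from a source and decide how to route it."""
        self.scores[src] += STAGE_WEIGHTS.get(stage, 0)
        if src in self.diverted:
            return self._divert(src)
        if self.scores[src] >= SUSPICION_THRESHOLD:
            # Surreptitious detection: nothing observable changes for the
            # source; its session is transparently mapped to a honeypot and
            # a recovery task is queued for the defenders.
            self.diverted.add(src)
            self.pending_recovery.append(src)
            return self._divert(src)
        return Decision(target="production", visible_block=False)

    def _divert(self, src: str) -> Decision:
        # Concealment continues until an effective patch exists. Only then is
        # the deception dropped and the source blocked openly, so the adversary
        # cannot learn of the detection before recovery is complete.
        if self.patch_ready:
            return Decision(target="blocked", visible_block=True)
        return Decision(target="honeypot", visible_block=False)


def run_trace(events, patch_ready_after=None):
    """Replay (source, stage) events; flip patch_ready at the given index."""
    ctrl = DeceptionController()
    routes = []
    for i, (src, stage) in enumerate(events):
        if patch_ready_after is not None and i >= patch_ready_after:
            ctrl.patch_ready = True
        routes.append(ctrl.observe(src, stage).target)
    return routes, ctrl


# Constructed event trace: one source walks the full multi-shot sequence,
# another only performs low-weight stages and is never diverted.
SAMPLE_EVENTS = [
    ("10.0.0.5", "recon"),
    ("10.0.0.9", "recon"),
    ("10.0.0.5", "foothold"),
    ("10.0.0.5", "lateral"),   # cumulative score 6: diverted from here on
    ("10.0.0.5", "exfil"),     # already diverted: still honeypot, no block
    ("10.0.0.9", "foothold"),  # cumulative score 3: stays on production
]

if __name__ == "__main__":
    routes, ctrl = run_trace(SAMPLE_EVENTS)
    for (src, stage), route in zip(SAMPLE_EVENTS, routes):
        print(f"{src:10} {stage:9} -> {route}")
    print("pending recovery:", ctrl.pending_recovery)
```

The point of the controller is the ordering of its decisions: the honeypot path is taken before any visible block, so the adversary's contingency plan is never triggered by the detection itself, and the feedback loop from detection to recovery is driven by the defenders' patch_ready signal rather than by the attacker's observations.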
Conclusion
• Deception-based survivability solution against sophisticated attacks
• Dealing with zero-day attacks while conserving the timeliness property
• Stronger recovery with surreptitious detection
References
[1] E. Nakashima and J. Pomfret. China proves to be an aggressive foe in cyberspace, November 2009.
[2] M. Ramilli and M. Bishop. Multi-stage delivery of malware. 5th International Conference on Malicious and Unwanted Software (MALWARE), 2010.
[3] E. J. Kartaltepe, J. A. Morales, S. Xu, and R. Sandhu. Social network based botnet command-and-control: emerging threats and countermeasures. Proceedings of the 8th International Conference on Applied Cryptography and Network Security (ACNS), pages 511–528, 2010.
[4] McAfee Labs and McAfee Foundstone Professional Services. Protecting your critical assets: lessons learned from Operation Aurora. Technical report, 2010.
[5] M. J. Gross. A declaration of cyber-war, April 2011.
[6] K. A. Repik. Defeating adversary network intelligence efforts with active cyber defense techniques. Master's thesis, Graduate School of Engineering and Management, Air Force Institute of Technology, 2008.
[7] A. D. Lakhani. Deception techniques using honeypots. MSc thesis, ISG, Royal Holloway, University of London, 2003.