1
A Deception Framework for Survivability Against Next Generation Cyber Attacks
Ruchika Mehresh and Shambhu UpadhyayaDepartment of Computer Science and Engineering,
University at Buffalo, Buffalo, NY 14260
3
Motivation
The Asymmetric warfare
Kind of sophisticated attacks happening lately: Botnets, command and control Operation Aurora Stuxnet
4
Problem Statement
How to enable critical systems to survive the next-generation of sophisticated attacks
Deception
5
Introduction
• Survivability is the ability of a system to perform its mission (essential operations) in presence of attacks, faults or accidents
• Focus on how to survive an attack– Does not focus on source or type of attack
6
Introduction
• Survivability involves four phases:– Prevention against faults/attacks– Detection of faults/attacks– Recovery from faults/attacks– Adaptation/Evolution to avoid future attacks
• Timeliness property
7
Introduction
Next-generation attack assessment
Formal requirements
Deception as a tool of defense
Proposed framework
8
SolutionUnderlying pattern in sophisticated attacks [6]
Features:1. Multi-shot2. Stealth3. Contingency plan
9
Formal system requirements
Recognizing the smart adversary
Prevention
Surreptitious detection
Effective recovery with adaptation
Zero-day attacks
10
Formal system requirements
Conserving timeliness property
Non-verifiable deception
11
Deception as tool of defense
• Preventive deception– Hiding, Distraction, Dissuasion
• Detection– Honeypot farm
• Recovery– Concealing the detection till an effective patch has
been worked out
12
Framework
13
Work in progress
• Design issues
• Controlling the feedback loop
• Smart-box design– Assess the nature of the traffic flow– Map AIOS to a honeypot
14
Conclusion
• Deception based survivability solution against sophisticated attacks
• Dealing with zero-day attacks while conserving timeliness property
• Stronger recovery with surreptitious detection
15
References1. E. Nakashima and J. Pomfret. China proves to be an aggressive foe in cyberspace,
November 2009.2. M. Ramilli and M. Bishop. Multi-stage delivery of malware. 5th International
Conference on Malicious and Unwanted Software (MALWARE), 2010.3. E. J. Kartaltepe, J. A. Morales, S. Xu, and R. Sandhu. Social network based botnet
command-and-control: emerging threats and countermeasures. Proceedings of the 8th international conference on Applied cryptography and network security (ACNS), pages 511–528, 2010.
4. M. Labs and M. F. P. Services. Protecting your critical assets, lessons learned from operation aurora. Technical report, 2010.
5. M. J. Gross. A declaration of cyber-war, April 2011.6. K. A. Repik. Defeating adversary network intelligence efforts with active cyber
defense techniques. Master’s thesis, Graduate School of Engineering and Management, Air Force Institute of Technology, 2008.
7. A. D. Lakhani. Deception techniques using honeypots. Master’s thesis, MSc Thesis, ISG, Royal Holloway, University of London, 2003.