CyberMoat: Camouflaging Critical Server Infrastructures with Large Scale Decoy Farms
Title | CyberMoat: Camouflaging Critical Server Infrastructures with Large Scale Decoy Farms |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Sun, J., Sun, K., Li, Q. |
Conference Name | 2017 IEEE Conference on Communications and Network Security (CNS) |
Date Published | Oct |
Publisher | IEEE |
ISBN Number | 978-1-5386-0683-4 |
Keywords | attack detection, attacker reconnaissance, authentication, critical server camouflaging, critical server infrastructures, CyberMoat, deception-based cyber defenses, decoy platform, decoy systems, decoy-enhanced defense framework, defense mechanisms, deployed decoys, dynamic proxy address shuffling, Fingerprint recognition, high-fidelity decoy servers, information gathering, Monitoring, Network reconnaissance, pubcrawl, Reconnaissance, Resiliency, security of data, Servers, service availability, static decoy configurations, targeted remote attacks, telecommunication security, transparent connection translation strategy, versatile front-end proxies, Virtual machining |
Abstract | Traditional deception-based cyber defenses often undertake reactive strategies that utilize decoy systems or services for attack detection and information gathering. Unfortunately, the effectiveness of these defense mechanisms has been largely constrained by the low decoy fidelity, the poor scalability of decoy platform, and the static decoy configurations, which allow the attackers to identify and bypass the deployed decoys. In this paper, we develop a decoy-enhanced defense framework that can proactively protect critical servers against targeted remote attacks through deception. To achieve both high fidelity and good scalability, our system follows a hybrid architecture that separates lightweight yet versatile front-end proxies from back-end high-fidelity decoy servers. Moreover, our system can further invalidate the attackers' reconnaissance through dynamic proxy address shuffling. To guarantee service availability, we develop a transparent connection translation strategy to maintain existing connections during shuffling. Our evaluation on a prototype implementation demonstrates the effectiveness of our approach in defeating attacker reconnaissance and shows that it only introduces small performance overhead. |
URL | http://ieeexplore.ieee.org/document/8228642/ |
DOI | 10.1109/CNS.2017.8228642 |
Citation Key | sun_cybermoat:_2017 |