Ensuring Deception Consistency for FTP Services Hardened Against Advanced Persistent Threats

Title: Ensuring Deception Consistency for FTP Services Hardened Against Advanced Persistent Threats
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Shu, Zhan; Yan, Guanhua
Conference Name: Proceedings of the 5th ACM Workshop on Moving Target Defense
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-6003-6
Keywords: advanced persistent threat, advanced persistent threats, cyber deception, deception consistency, Human Behavior, Metrics, pubcrawl, Resiliency, Scalability
Abstract: As evidenced by numerous high-profile security incidents such as the Target data breach and the Equifax hack, APTs (Advanced Persistent Threats) can significantly compromise the trustworthiness of cyber space. This work explores how to improve the effectiveness of cyber deception in hardening FTP (File Transfer Protocol) services against APTs. The main objective of our work is to ensure deception consistency: when the attackers are trapped, they can only make observations that are consistent with what they have seen already so that they cannot recognize the deceptive environment. To achieve deception consistency, we use logic constraints to characterize an attacker's best knowledge (either positive, negative, or uncertain). When migrating the attacker's FTP connection into a contained environment, we use these logic constraints to instantiate a new FTP file system that is guaranteed free of inconsistency. We performed deception experiments with student participants who just completed a computer security course. Following the design of Turing tests, we find that the participants' chances of recognizing deceptive environments are close to random guesses. Our experiments also confirm the importance of observation consistency in identifying deception.
URL: http://doi.acm.org/10.1145/3268966.3268971
DOI: 10.1145/3268966.3268971
Citation Key: shu_ensuring_2018