Our computing systems are constantly under attack by everyone from pranksters to agents of hostile nations. Many of those systems and networks make the adversary's task easier by responding to attacks with useful information. This is because software and protocols have been written for decades to provide informative feedback for error detection and correction. It is precisely this behavior that improves attackers' chances of success, by allowing them to map networks and determine system flaws. This research addresses the question "Are there uses of deceptive responses that help prevent successful attacks?" Furthermore, the study investigates whether it is possible to characterize and model the types of situations where deception may be useful. The result of this work provides cyber system designers with some new defensive measures, and guidance as to when they are useful to deploy.
The project includes two related lines of research. The first is to explore some new applications of deceit in system defense. The researchers investigate presenting deceptive responses to attempts to exploit known vulnerabilities, and building a file system that "lies" about the creation and deletion of key files. Each of these mechanisms should support a system's security by providing early warning of bad behavior as well as blunting attacks. Deceitful responses to attacks can lead a perpetrator to employ ineffective attacks, thus wasting time and effort. A deceptive file system can capture forensic data about an attempted attack while only appearing to allow the installation of malicious files. The second line of research explores how to apply hypergame models to cyber defenses using deceptive techniques. Hypergames are an extension of game theory that includes incorrect and uncertain information. By constructing hypergame models, we should be able to determine situations where there is a favorable result when deception is employed as a defense.