Visible to the public Biblio

Filters: Author is Cam, Hasan  [Clear All Filters]
2020-05-15
Sugrim, Shridatt, Venkatesan, Sridhar, Youzwak, Jason A., Chiang, Cho-Yu J., Chadha, Ritu, Albanese, Massimiliano, Cam, Hasan.  2018.  Measuring the Effectiveness of Network Deception. 2018 IEEE International Conference on Intelligence and Security Informatics (ISI). :142—147.

Cyber reconnaissance is the process of gathering information about a target network for the purpose of compromising systems within that network. Network-based deception has emerged as a promising approach to disrupt attackers' reconnaissance efforts. However, limited work has been done so far on measuring the effectiveness of network-based deception. Furthermore, given that Software-Defined Networking (SDN) facilitates cyber deception by allowing network traffic to be modified and injected on-the-fly, understanding the effectiveness of employing different cyber deception strategies is critical. In this paper, we present a model to study the reconnaissance surface of a network and model the process of gathering information by attackers as interactions with a cyber defensive system that may use deception. To capture the evolution of the attackers' knowledge during reconnaissance, we design a belief system that is updated by using a Bayesian inference method. For the proposed model, we present two metrics based on KL-divergence to quantify the effectiveness of network deception. We tested the model and the two metrics by conducting experiments with a simulated attacker in an SDN-based deception system. The results of the experiments match our expectations, providing support for the model and proposed metrics.

2018-01-16
Mergendahl, Samuel, Sisodia, Devkishen, Li, Jun, Cam, Hasan.  2017.  Source-End DDoS Defense in IoT Environments. Proceedings of the 2017 Workshop on Internet of Things Security and Privacy. :63–64.

While the Internet of Things (IoT) becomes increasingly popular and pervasive in everyday objects, IoT devices often remain unprotected and can be exploited to launch large-scale distributed denial-of-service (DDoS) attacks. One could attempt to employ traditional DDoS defense solutions, but these solutions are hardly suitable in IoT environments since they seldom consider the resource constraints of IoT devices. This paper presents FR-WARD which defends against DDoS attacks launched from an IoT network. FR-WARD is an adaptation of the classic DDoS defense system D-WARD. While both solutions are situated near the attack sources and drop packets to throttle DDoS traffic, FR-WARD utilizes the fast retransmit mechanism in TCP congestion control to minimize resource penalties on benign IoT devices. Based on our analysis and simulation results, FR-WARD not only effectively throttles DDoS traffic but also minimizes retransmission overhead for benign IoT devices.