Cyber deception

Virtual networks to defend insider reconnaissance

Stefan Achleitner, Thomas F. La Porta, Patrick Drew McDaniel, Shridatt Sugrim, Srikanth V. Krishnamurthy, Ritu Chadha

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

14 Citations (Scopus)

Abstract

Advanced targeted cyber attacks often rely on reconnaissance missions to gather information about potential targets and their location in a networked environment to identify vulnerabilities which can be exploited for further attack maneuvers. Advanced network scanning techniques are often used for this purpose and are automatically executed by malware-infected hosts. In this paper we formally define network deception to defend reconnaissance and develop RDS (Reconnaissance Deception System), which is based on SDN (Software Defined Networking), to achieve deception by simulating virtual network topologies. Our system thwarts network reconnaissance by delaying the scanning techniques of adversaries and invalidating their collected information, while minimizing the performance impact on benign network traffic. We introduce approaches to defend malicious network discovery and reconnaissance in computer networks, which are required for targeted cyber attacks such as Advanced Persistent Threats (APT). We show that our system is able to invalidate an attacker's information, delay the process of finding vulnerable hosts and identify the source of adversarial reconnaissance within a network, while only causing a minuscule performance overhead of 0.2 milliseconds per packet flow on average.

Original language: English (US)
Title of host publication: MIST 2016 - Proceedings of the International Workshop on Managing Insider Security Threats, co-located with CCS 2016
Publisher: Association for Computing Machinery, Inc
Pages: 57-68
Number of pages: 12
ISBN (Electronic): 9781450345712
DOI: https://doi.org/10.1145/2995959.2995962
State: Published - Oct 28 2016
Event: 8th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2016 - Vienna, Austria
Duration: Oct 28 2016 → …

Publication series

Name: MIST 2016 - Proceedings of the International Workshop on Managing Insider Security Threats, co-located with CCS 2016

Other

Other: 8th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2016
Country: Austria
City: Vienna
Period: 10/28/16 → …

Fingerprint

Scanning
Computer networks
Topology
Software defined networking
Malware

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Science Applications

Cite this

Achleitner, S., La Porta, T. F., McDaniel, P. D., Sugrim, S., Krishnamurthy, S. V., & Chadha, R. (2016). Cyber deception: Virtual networks to defend insider reconnaissance. In MIST 2016 - Proceedings of the International Workshop on Managing Insider Security Threats, co-located with CCS 2016 (pp. 57-68). (MIST 2016 - Proceedings of the International Workshop on Managing Insider Security Threats, co-located with CCS 2016). Association for Computing Machinery, Inc. https://doi.org/10.1145/2995959.2995962
@inproceedings{2a20ef55c4c14434be0672cf8cd21e53,
title = "Cyber deception: Virtual networks to defend insider reconnaissance",
abstract = "Advanced targeted cyber attacks often rely on reconnaissance missions to gather information about potential targets and their location in a networked environment to identify vulnerabilities which can be exploited for further attack maneuvers. Advanced network scanning techniques are often used for this purpose and are automatically executed by malware-infected hosts. In this paper we formally define network deception to defend reconnaissance and develop RDS (Reconnaissance Deception System), which is based on SDN (Software Defined Networking), to achieve deception by simulating virtual network topologies. Our system thwarts network reconnaissance by delaying the scanning techniques of adversaries and invalidating their collected information, while minimizing the performance impact on benign network traffic. We introduce approaches to defend malicious network discovery and reconnaissance in computer networks, which are required for targeted cyber attacks such as Advanced Persistent Threats (APT). We show that our system is able to invalidate an attacker's information, delay the process of finding vulnerable hosts and identify the source of adversarial reconnaissance within a network, while only causing a minuscule performance overhead of 0.2 milliseconds per packet flow on average.",
author = "Stefan Achleitner and {La Porta}, {Thomas F.} and McDaniel, {Patrick Drew} and Shridatt Sugrim and Krishnamurthy, {Srikanth V.} and Ritu Chadha",
year = "2016",
month = "10",
day = "28",
doi = "10.1145/2995959.2995962",
language = "English (US)",
series = "MIST 2016 - Proceedings of the International Workshop on Managing Insider Security Threats, co-located with CCS 2016",
publisher = "Association for Computing Machinery, Inc",
pages = "57--68",
booktitle = "MIST 2016 - Proceedings of the International Workshop on Managing Insider Security Threats, co-located with CCS 2016",

}
