TY - GEN
T1 - Software deception steering through version emulation
AU - Araujo, Frederico
AU - Sengupta, Sailik
AU - Jang, Jiyong
AU - Doupé, Adam
AU - Hamlen, Kevin W.
AU - Kambhampati, Subbarao
N1 - Funding Information:
The research reported herein was supported in part by ONR award N00014-17-1-2995, and by U.S. ACC-APG / DARPA award W912CG-19-C-0003. Any opinions, recommendations, or conclusions expressed are those of the authors and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government. Approved for Public Release, Distribution Unlimited.
Publisher Copyright:
© 2021 IEEE Computer Society. All rights reserved.
PY - 2021
Y1 - 2021
N2 - Determined cyber adversaries often strategize their attacks by carefully selecting high-value target machines that host insecure (e.g., unpatched) legacy software. In this paper, we propose a moving-target approach to thwart and countersurveil such adversaries, wherein live (non-decoy) enterprise software services are automatically modified to deceptively emulate vulnerable legacy versions that entice attackers. A game-theoretic framework chooses which emulated software stacks, versions, configurations, and vulnerabilities yield the best defensive payoffs and most useful threat data given a specific attack model. The results show that effective movement strategies can be computed to account for pragmatic aspects of deception, such as the utility of various intelligence-gathering actions, impact of vulnerabilities, performance costs of patch deployment, complexity of exploits, and attacker profile.
AB - Determined cyber adversaries often strategize their attacks by carefully selecting high-value target machines that host insecure (e.g., unpatched) legacy software. In this paper, we propose a moving-target approach to thwart and countersurveil such adversaries, wherein live (non-decoy) enterprise software services are automatically modified to deceptively emulate vulnerable legacy versions that entice attackers. A game-theoretic framework chooses which emulated software stacks, versions, configurations, and vulnerabilities yield the best defensive payoffs and most useful threat data given a specific attack model. The results show that effective movement strategies can be computed to account for pragmatic aspects of deception, such as the utility of various intelligence-gathering actions, impact of vulnerabilities, performance costs of patch deployment, complexity of exploits, and attacker profile.
UR - http://www.scopus.com/inward/record.url?scp=85106083748&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85106083748&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85106083748
T3 - Proceedings of the Annual Hawaii International Conference on System Sciences
SP - 1988
EP - 1997
BT - Proceedings of the 54th Annual Hawaii International Conference on System Sciences, HICSS 2021
A2 - Bui, Tung X.
PB - IEEE Computer Society
T2 - 54th Annual Hawaii International Conference on System Sciences, HICSS 2021
Y2 - 4 January 2021 through 8 January 2021
ER -