Software deception steering through version emulation

Frederico Araujo, Sailik Sengupta, Jiyong Jang, Adam Doupé, Kevin W. Hamlen, Subbarao Kambhampati

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

Determined cyber adversaries often strategize their attacks by carefully selecting high-value target machines that host insecure (e.g., unpatched) legacy software. In this paper, we propose a moving-target approach to thwart and countersurveil such adversaries, wherein live (non-decoy) enterprise software services are automatically modified to deceptively emulate vulnerable legacy versions that entice attackers. A game-theoretic framework chooses which emulated software stacks, versions, configurations, and vulnerabilities yield the best defensive payoffs and most useful threat data given a specific attack model. The results show that effective movement strategies can be computed to account for pragmatic aspects of deception, such as the utility of various intelligence-gathering actions, impact of vulnerabilities, performance costs of patch deployment, complexity of exploits, and attacker profile.

Original language: English (US)
Title of host publication: Proceedings of the 54th Annual Hawaii International Conference on System Sciences, HICSS 2021
Editors: Tung X. Bui
Publisher: IEEE Computer Society
Pages: 1988-1997
Number of pages: 10
ISBN (Electronic): 9780998133140
State: Published - 2021
Event: 54th Annual Hawaii International Conference on System Sciences, HICSS 2021 - Virtual, Online
Duration: Jan 4 2021 – Jan 8 2021

Publication series

Name: Proceedings of the Annual Hawaii International Conference on System Sciences
Volume: 2020-January
ISSN (Print): 1530-1605

Conference

Conference: 54th Annual Hawaii International Conference on System Sciences, HICSS 2021
City: Virtual, Online
Period: 1/4/21 – 1/8/21

ASJC Scopus subject areas

  • General Engineering
