Jafarian, Jafar Haadi
Cyber Agility for Attack Deterrence and Deception
1 online resource (200 pages) : PDF
University of North Carolina at Charlotte
In recent years, we have witnessed a rise in quantity and sophistication of cyber attacks. Meanwhile, traditional defense techniques have not been adequate in addressing this status quo. This is because the focus has remained mostly on either identifying and patching exploits, or detecting and filtering them. These techniques are only effective when intrusions are known or detectable. However, unknown (zero-day) vulnerabilities are constantly being discovered, and known vulnerabilities are not often patched promptly. Even worse, while defenders need to patch all vulnerabilities and intrusions paths against unknown malicious entities, the attackers only need to discover only one successful intrusion path in a system that is known and static. These asymmetric advantages have constantly kept attackers one step ahead of defenders. To reverse this asymmetry in cyber warfare, we aim to propose new proactive defense paradigms that can deter or deceive cyber attackers without relying on intrusion detection and prevention and by offering cyber agility as a system property. Cyber agility allows for system configuration to be changed dynamically without jeopardizing operational and mission requirements of the system. In this thesis, we introduce two novel cyber agility techniques based on two paradigms of cyber deterrence and cyber deception. Cyber deterrence techniques aim to deter cyber threats by changing system configurations randomly and frequently. In contrast, cyber deception techniques aim to deflect attacks to fake targets by misrepresenting system configurations strategically and adaptively. In the first part of this dissertation, we propose a multi-strategy, multi-parameter and multi-dimensional host identity mutation technique for deterring reconnaissance attacks. This deterrence is achieved by mutating IP addresses and anonymizing fingerprints of network hosts both proactively and adaptively. Through simulation and analytical investigation, we show that our approach significantly increases the attack cost for coordinated scanning worms, advanced network reconnaissance techniques, and multi-stage APT attacks.In the second part, we propose a formal framework to construct active cyber deception plans that are goal-oriented and dynamic. Our framework introduces a deception logic that models consistencies and conflicts among various deception strategies (e.g., lies) and quantifies the benefit and cost of potential deception plans. In the third part, we demonstrate and evaluate our deception planning framework by constructing an effective deception plan against multi-stage attacks. Through our experimentation, we show that the generated deception plans are effective and economical, and outperform existing or random deception plans.
CYBER AGILITYCYBER DECEPTIONCYBER DETERRENCEDECEPTION PLANNINGIP MUTATIONNETWORK RECONNAISSANCE
Cukic, BojanChu, BillWei, Jinpeng
Thesis (Ph.D.)--University of North Carolina at Charlotte, 2017.
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). For additional information, see http://rightsstatements.org/page/InC/1.0/.
Copyright is held by the author unless otherwise indicated.