Jassim Happa
Deception in network defences using unpredictability
Happa, Jassim; Bashford-Rogers, Thomas; Van Rensburg, Alastair Janse; Goldsmith, Michael; Creese, Sadie
Authors
Tom Bashford-Rogers Tom.Bashford-Rogers@uwe.ac.uk
Associate Lecturer - CATE - CCT - UCCT0001
Alastair Janse Van Rensburg
Michael Goldsmith
Sadie Creese
Abstract
In this article, we propose a novel method that aims to improve upon existing moving-target defences by making them unpredictably reactive using probabilistic decision-making. We postulate that unpredictability can improve network defences in two key capacities: (1) by re-configuring the network in direct response to detected threats, tailored to the current threat and a security posture, and (2) by deceiving adversaries using pseudo-random decision-making (selected from a set of acceptable responses), potentially leading to adversary delay and failure. Decisions are performed automatically, based on reported events (e.g., Intrusion Detection System (IDS) alerts), security posture, mission processes, and states of assets. Using this codified form of situational awareness, our system can respond differently to threats each time attacker activity is observed, acting as a barrier to further attacker activities. We demonstrate feasibility with both anomaly- and misuse-based detection alerts, for a historical dataset (playback), and a real-time network simulation where asset-to-mission mappings are known. Our findings suggest that unpredictability yields promise as a new approach to deception in laboratory settings. Further research will be necessary to explore unpredictability in production environments.
Journal Article Type | Article |
---|---|
Acceptance Date | Feb 15, 2021 |
Online Publication Date | Oct 15, 2021 |
Publication Date | 2021-12 |
Deposit Date | Mar 25, 2021 |
Publicly Available Date | Oct 22, 2021 |
Journal | Digital Threats: Research and Practice |
Print ISSN | 2692-1626 |
Electronic ISSN | 2576-5337 |
Publisher | Association for Computing Machinery (ACM) |
Peer Reviewed | Peer Reviewed |
Volume | 2 |
Issue | 4 |
Article Number | 29 |
DOI | https://doi.org/10.1145/3450973 |
Keywords | Networks; Network simulations; Network experimentation; Security and privacy; Firewalls; Information flow control; Computer systems organization; Dependable and fault-tolerant systems and networks; Network defences; Decision trees; Situational awareness |
Public URL | https://uwe-repository.worktribe.com/output/7232463 |
Files
Deception in network defences using unpredictability
(1.8 Mb)
PDF
Licence
http://www.rioxx.net/licenses/all-rights-reserved
Publisher Licence URL
http://www.rioxx.net/licenses/all-rights-reserved
Copyright Statement
This is the author's accepted manuscript. The final published version is available here: https://doi.org/10.1145/3450973