Please use this identifier to cite or link to this item:

A SPL Framework for Adaptive Deception-based Defense

File SizeFormat 
paper0693.pdf926.31 kBAdobe PDFView/Open

Item Summary

Title: A SPL Framework for Adaptive Deception-based Defense
Authors: De Faveri, Cristiano
Moreira, Ana
Keywords: Cyber Threat Intelligence and Analytics
Security, Cyber Deception, Software Product Line, Aspect-Oriented
Issue Date: 03 Jan 2018
Abstract: In cyber defense, integrated deception mechanisms have been proposed as part of the system operation to enhance security by planting fake resources. The objective is to entice attackers and confuse them in determining the legitimacy of those resources. Although several strategies exist to implement deception in a software system, developing and integrating such solutions are primarily made in an ad-hoc fashion. This hinders reuse and does not consider the operation life cycle management. Additionally, support for adaptive deception is not considered. To alleviate these problems, we propose a framework based on software product lines and aspect-oriented techniques to generate adaptive deception-based defense strategies. We illustrate the feasibility of our approach with an example from the web applications domain, by integrating honeywords into an authentication mechanism to mitigate offline password cracking attacks.
Pages/Duration: 10 pages
ISBN: 978-0-9981331-1-9
Rights: Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections:Cyber Threat Intelligence and Analytics

Please contact if you need this content in an alternative format.

Items in ScholarSpace are protected by copyright, with all rights reserved, unless otherwise indicated.