Please use this identifier to cite or link to this item:

A SPL Framework for Adaptive Deception-based Defense

File Size Format  
paper0693.pdf 926.31 kB Adobe PDF View/Open

Item Summary

Title:A SPL Framework for Adaptive Deception-based Defense
Authors:De Faveri, Cristiano
Moreira, Ana
Keywords:Cyber Threat Intelligence and Analytics
Security, Cyber Deception, Software Product Line, Aspect-Oriented
Date Issued:03 Jan 2018
Abstract:In cyber defense, integrated deception mechanisms have been proposed as part of the system operation to enhance security by planting fake resources. The objective is to entice attackers and confuse them in determining the legitimacy of those resources. Although several strategies exist to implement deception in a software system, developing and integrating such solutions are primarily made in an ad-hoc fashion. This hinders reuse and does not consider the operation life cycle management. Additionally, support for adaptive deception is not considered. To alleviate these problems, we propose a framework based on software product lines and aspect-oriented techniques to generate adaptive deception-based defense strategies. We illustrate the feasibility of our approach with an example from the web applications domain, by integrating honeywords into an authentication mechanism to mitigate offline password cracking attacks.
Pages/Duration:10 pages
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections: Cyber Threat Intelligence and Analytics

Please email if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons