Please use this identifier to cite or link to this item:
A SPL Framework for Adaptive Deception-based Defense
|Title:||A SPL Framework for Adaptive Deception-based Defense|
|Authors:||De Faveri, Cristiano|
|Keywords:||Cyber Threat Intelligence and Analytics|
Security, Cyber Deception, Software Product Line, Aspect-Oriented
|Issue Date:||03 Jan 2018|
|Abstract:||In cyber defense, integrated deception mechanisms have been proposed as part of the system operation to enhance security by planting fake resources. The objective is to entice attackers and confuse them in determining the legitimacy of those resources. Although several strategies exist to implement deception in a software system, developing and integrating such solutions are primarily made in an ad-hoc fashion. This hinders reuse and does not consider the operation life cycle management. Additionally, support for adaptive deception is not considered. To alleviate these problems, we propose a framework based on software product lines and aspect-oriented techniques to generate adaptive deception-based defense strategies. We illustrate the feasibility of our approach with an example from the web applications domain, by integrating honeywords into an authentication mechanism to mitigate offline password cracking attacks.|
|Rights:||Attribution-NonCommercial-NoDerivatives 4.0 International|
|Appears in Collections:||Cyber Threat Intelligence and Analytics|
Please contact email@example.com if you need this content in an alternative format.
Items in ScholarSpace are protected by copyright, with all rights reserved, unless otherwise indicated.