Please use this identifier to cite or link to this item:

A SPL Framework for Adaptive Deception-based Defense

File Size Format  
paper0693.pdf 926.31 kB Adobe PDF View/Open

Item Summary De Faveri, Cristiano Moreira, Ana 2017-12-28T02:18:07Z 2017-12-28T02:18:07Z 2018-01-03
dc.identifier.isbn 978-0-9981331-1-9
dc.description.abstract In cyber defense, integrated deception mechanisms have been proposed as part of the system operation to enhance security by planting fake resources. The objective is to entice attackers and confuse them in determining the legitimacy of those resources. Although several strategies exist to implement deception in a software system, developing and integrating such solutions are primarily made in an ad-hoc fashion. This hinders reuse and does not consider the operation life cycle management. Additionally, support for adaptive deception is not considered. To alleviate these problems, we propose a framework based on software product lines and aspect-oriented techniques to generate adaptive deception-based defense strategies. We illustrate the feasibility of our approach with an example from the web applications domain, by integrating honeywords into an authentication mechanism to mitigate offline password cracking attacks.
dc.format.extent 10 pages
dc.language.iso eng
dc.relation.ispartof Proceedings of the 51st Hawaii International Conference on System Sciences
dc.rights Attribution-NonCommercial-NoDerivatives 4.0 International
dc.subject Cyber Threat Intelligence and Analytics
dc.subject Security, Cyber Deception, Software Product Line, Aspect-Oriented
dc.title A SPL Framework for Adaptive Deception-based Defense
dc.type Conference Paper
dc.type.dcmi Text
dc.identifier.doi 10.24251/HICSS.2018.691
Appears in Collections: Cyber Threat Intelligence and Analytics

Please email if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons