Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN Approach

File: 0726.pdf (1.23 MB, Adobe PDF)

Item Summary

Title: Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN Approach
Authors: Shimanaka, Toru; Masuoka, Ryusuke; Hay, Brian
Keywords: Cybersecurity and Software Assurance; Software Technology; covert attack reconnaissance, cyber deception, honeypot, OpenFlow, software defined networking
Date Issued: 08 Jan 2019
Abstract: Significant valuable information can be determined by observing attackers in action. These observations provide significant insight into the attacker’s TTPs and motivations. It is challenging to continue observations when attackers breach operational networks. This paper describes a deception network methodology that redirects traffic from the compromised Operational Network (O-Net) to an identically configured Deception Network (D-Net) minimizing any further compromise of operational data and assets, while also allowing the tactics, techniques, and procedures of the attacker to be studied. To keep the adversary oblivious to the transfer from the O-Net to the D-Net, we employ a sophisticated and unique packet rewriting technique using Software Defined Networking (SDN) technology that builds on two other strategies. This paper discusses the foundational strategies and introduces a new strategy that improves behavior for our described scenarios. We then provide some preliminary test results and suggest topics for further research.
Pages/Duration: 10 pages
Rights: Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections: Cybersecurity and Software Assurance

This item is licensed under a Creative Commons License.