Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN Approach

Date
2019-01-08
Authors
Shimanaka, Toru
Masuoka, Ryusuke
Hay, Brian
Contributor
Advisor
Department
Instructor
Depositor
Speaker
Researcher
Consultant
Interviewer
Annotator
Journal Title
Journal ISSN
Volume Title
Publisher
Volume
Number/Issue
Starting Page
Ending Page
Alternative Title
Abstract
Significant valuable information can be determined by observing attackers in action. These observations provide significant insight into the attacker’s TTPs and motivations. It is challenging to continue observations when attackers breach operational networks. This paper describes a deception network methodology that redirects traffic from the compromised Operational Network (O-Net) to an identically configured Deception Network (D-Net) minimizing any further compromise of operational data and assets, while also allowing the tactics, techniques, and procedures of the attacker to be studied. To keep the adversary oblivious to the transfer from the O-Net to the D-Net, we employ a sophisticated and unique packet rewriting technique using Software Defined Networking (SDN) technology that builds on two other strategies. This paper discusses the foundational strategies and introduces a new strategy that improves behavior for our described scenarios. We then provide some preliminary test results and suggest topics for further research.
Description
Keywords
Cybersecurity and Software Assurance, Software Technology, covert attack reconnaissance, cyber deception, honeypot, OpenFlow, software defined networking
Citation
Extent
10 pages
Format
Geographic Location
Time Period
Related To
Proceedings of the 52nd Hawaii International Conference on System Sciences
Table of Contents
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International
Rights Holder
Local Contexts
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.