Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN Approach
Files
Date
2019-01-08
Contributor
Advisor
Department
Instructor
Depositor
Speaker
Researcher
Consultant
Interviewer
Narrator
Transcriber
Annotator
Journal Title
Journal ISSN
Volume Title
Publisher
Volume
Number/Issue
Starting Page
Ending Page
Alternative Title
Abstract
Significant valuable information can be determined by observing attackers in action. These observations provide significant insight into the attacker’s TTPs and motivations. It is challenging to continue observations when attackers breach operational networks. This paper describes a deception network methodology that redirects traffic from the compromised Operational Network (O-Net) to an identically configured Deception Network (D-Net) minimizing any further compromise of operational data and assets, while also allowing the tactics, techniques, and procedures of the attacker to be studied. To keep the adversary oblivious to the transfer from the O-Net to the D-Net, we employ a sophisticated and unique packet rewriting technique using Software Defined Networking (SDN) technology that builds on two other strategies. This paper discusses the foundational strategies and introduces a new strategy that improves behavior for our described scenarios. We then provide some preliminary test results and suggest topics for further research.
Description
Keywords
Cybersecurity and Software Assurance, Software Technology, covert attack reconnaissance, cyber deception, honeypot, OpenFlow, software defined networking
Citation
Extent
10 pages
Format
Geographic Location
Time Period
Related To
Proceedings of the 52nd Hawaii International Conference on System Sciences
Related To (URI)
Table of Contents
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International
Rights Holder
Local Contexts
Collections
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.