Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN Approach

Shimanaka, Toru
Masuoka, Ryusuke
Hay, Brian
Significant and valuable information can be obtained by observing attackers in action. These observations provide significant insight into the attacker’s tactics, techniques, and procedures (TTPs) and motivations. It is challenging to continue observations when attackers breach operational networks. This paper describes a deception network methodology that redirects traffic from the compromised Operational Network (O-Net) to an identically configured Deception Network (D-Net), minimizing any further compromise of operational data and assets while also allowing the attacker’s TTPs to be studied. To keep the adversary oblivious to the transfer from the O-Net to the D-Net, we employ a sophisticated and unique packet rewriting technique using Software Defined Networking (SDN) technology that builds on two other strategies. This paper discusses the foundational strategies and introduces a new strategy that improves behavior for our described scenarios. We then provide some preliminary test results and suggest topics for further research.
Cybersecurity and Software Assurance, Software Technology, covert attack reconnaissance, cyber deception, honeypot, OpenFlow, software defined networking