Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/63972

HoneyBug: Personalized Cyber Deception for Web Applications

File Size Format  
0188.pdf 8.68 MB Adobe PDF View/Open

Item Summary

Title:HoneyBug: Personalized Cyber Deception for Web Applications
Authors:Niakanlahiji, Amirreza
Jafarian, Jafar Haadi
Chu, Bei-Tseng
Al-Shaer, Ehab
Keywords:Cyber Deception for Defense
active cyber deception
attacker characterization model
evidential reasoning
web honeypot
Date Issued:07 Jan 2020
Abstract:Cyber deception is used to reverse cyber warfare asymmetry by diverting adversaries to false targets in order to avoid their attacks, consume their resources, and potentially learn new attack tactics. In practice, effective cyber deception systems must be both attractive, to offer temptation for engagement, and believable, to convince unknown attackers to stay on the course. However, developing such a system is a highly challenging task because attackers have different expectations, expertise levels, and objectives. This makes a deception system with a static configuration only suitable for a specific type of attackers. In order to attract diverse types of attackers and prolong their engagement, we need to dynamically characterize every individual attacker's interactions with the deception system to learn her sophistication level and objectives and personalize the deception system to match with her profile and interest. In this paper, we present an adaptive deception system, called HoneyBug, that dynamically creates a personalized deception plan for web applications to match the attacker's expectation, which is learned by analyzing her behavior over time. Each HoneyBug plan exhibits fake vulnerabilities specifically selected based on the learned attacker's profile. Through evaluation, we show that HoneyBug characterization model can accurately characterize the attacker profile after observing only a few interactions and adapt its cyber deception plan accordingly. The HoneyBug characterization is built on top of a novel and generic evidential reasoning framework for attacker profiling, which is one of the focal contributions of this work.
Pages/Duration:10 pages
URI:http://hdl.handle.net/10125/63972
ISBN:978-0-9981331-3-3
DOI:10.24251/HICSS.2020.233
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
https://creativecommons.org/licenses/by-nc-nd/4.0/
Appears in Collections: Cyber Deception for Defense


Please email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons