Software Deception Steering through Version Emulation

Date
2021-01-05
Authors
Araujo, Frederico
Sengupta, Sailik
Jang, Jiyong
Doupé, Adam
Hamlen, Kevin
Kambhampati, Subbarao
Abstract
Determined cyber adversaries often strategize their attacks by carefully selecting high-value target machines that host insecure (e.g., unpatched) legacy software. In this paper, we propose a moving-target approach to thwart and countersurveil such adversaries, wherein live (non-decoy) enterprise software services are automatically modified to deceptively emulate vulnerable legacy versions that entice attackers. A game-theoretic framework chooses which emulated software stacks, versions, configurations, and vulnerabilities yield the best defensive payoffs and most useful threat data given a specific attack model. The results show that effective movement strategies can be computed to account for pragmatic aspects of deception, such as the utility of various intelligence-gathering actions, impact of vulnerabilities, performance costs of patch deployment, complexity of exploits, and attacker profile.
Keywords
Cyber Deception and Cyber Psychology for Defense, agility, cyberdeception, game theory, security engineering, software security