1

A Deception Framework for Survivability Against Next Generation Cyber Attacks

Ruchika Mehresh and Shambhu UpadhyayaDepartment of Computer Science and Engineering,

University at Buffalo, Buffalo, NY 14260

3

Motivation

The Asymmetric warfare

Kind of sophisticated attacks happening lately: Botnets, command and control Operation Aurora Stuxnet

4

Problem Statement

How to enable critical systems to survive the next-generation of sophisticated attacks

Deception

5

Introduction

• Survivability is the ability of a system to perform its mission (essential operations) in presence of attacks, faults or accidents

• Focus on how to survive an attack– Does not focus on source or type of attack

6

Introduction

• Survivability involves four phases:– Prevention against faults/attacks– Detection of faults/attacks– Recovery from faults/attacks– Adaptation/Evolution to avoid future attacks

• Timeliness property

7

Introduction

Next-generation attack assessment

Formal requirements

Deception as a tool of defense

Proposed framework

8

SolutionUnderlying pattern in sophisticated attacks [6]

Features:1. Multi-shot2. Stealth3. Contingency plan

9

Formal system requirements

Recognizing the smart adversary

Prevention

Surreptitious detection

Effective recovery with adaptation

Zero-day attacks

10

Formal system requirements

Conserving timeliness property

Non-verifiable deception

11

Deception as tool of defense

• Preventive deception– Hiding, Distraction, Dissuasion

• Detection– Honeypot farm

• Recovery– Concealing the detection till an effective patch has

been worked out

12

Framework

13

Work in progress

• Design issues

• Controlling the feedback loop

• Smart-box design– Assess the nature of the traffic flow– Map AIOS to a honeypot

14

Conclusion

• Deception based survivability solution against sophisticated attacks

• Dealing with zero-day attacks while conserving timeliness property

• Stronger recovery with surreptitious detection

15

References1. E. Nakashima and J. Pomfret. China proves to be an aggressive foe in cyberspace,

November 2009.2. M. Ramilli and M. Bishop. Multi-stage delivery of malware. 5th International

Conference on Malicious and Unwanted Software (MALWARE), 2010.3. E. J. Kartaltepe, J. A. Morales, S. Xu, and R. Sandhu. Social network based botnet

command-and-control: emerging threats and countermeasures. Proceedings of the 8th international conference on Applied cryptography and network security (ACNS), pages 511–528, 2010.

4. M. Labs and M. F. P. Services. Protecting your critical assets, lessons learned from operation aurora. Technical report, 2010.

5. M. J. Gross. A declaration of cyber-war, April 2011.6. K. A. Repik. Defeating adversary network intelligence efforts with active cyber

defense techniques. Master’s thesis, Graduate School of Engineering and Management, Air Force Institute of Technology, 2008.

7. A. D. Lakhani. Deception techniques using honeypots. Master’s thesis, MSc Thesis, ISG, Royal Holloway, University of London, 2003.