Cyber Deception: Building the Scientific Foundation
- Length: 322 pages
- Edition: 1
- Language: English
- Publisher: Springer
- Publication Date: 2016-07-22
- ISBN-10: 331932697X
- ISBN-13: 9783319326979
- Sales Rank: #4501653
This edited volume features a wide spectrum of the latest computer science research relating to cyber deception. Specifically, it features work from the areas of artificial intelligence, game theory, programming languages, graph theory, and more. The work presented in this book highlights the complex and multi-faceted aspects of cyber deception, identifies the new scientific problems that will emerge in the domain as a result of that complexity, and presents novel approaches to these problems.
This book can be used as a text for a graduate-level survey/seminar course on cutting-edge computer science research relating to cyber-security, or as a supplemental text for a regular graduate-level course on cyber-security.
Table of Contents
- Preface
- Acknowledgments
- Contents
- Integrating Cyber-D&D into Adversary Modeling for Active Cyber Defense
  - 1 Vision for Cyber-D&D in Active Cyber Defense
  - 2 Key Elements of Integrating Cyber-D&D into Adversary Modeling
  - 3 Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™)
  - 4 D&D Types and Tactics
  - 5 Cyber-Deception Chain
  - 6 The Deception Chain and the Cyber Kill Chain
  - 6.1 Purpose: Legitimate Versus Compromised Credentials
  - 6.2 Collect Information: Legitimate Credentials: Tactics and Technical Description
  - 6.3 Design Cover Story: D&D Methods Matrix
  - 6.4 Plan: Legitimate Credentials: Detection and Mitigation
  - 7 Summary
- Cyber Security Deception
  - 1 Introduction
  - 1.1 Definition
  - 2 A Brief History
  - 2.1 Honey-Based Tools
  - 2.1.1 Honeypots
  - 2.1.2 Other Honey Prefixed Tools
  - 2.2 Limitations of Isolated Use of Deception
  - 3 Deception as a Security Technique
  - 3.1 Advantages of Using Deception in Computer Defenses
  - 3.2 Deception in the Cyber Kill-Chain
  - 3.3 Deception and Obscurity
  - 3.4 Offensive Deception
  - 4 A Framework to Integrate Deception in Computer Defenses
  - 4.1 The Role of Biases
  - 4.1.1 Personal Biases
  - 4.1.2 Cultural Biases
  - 4.1.3 Organizational Biases
  - 4.1.4 Cognitive Biases
  - 4.2 Planning Deception
  - 4.2.1 Adversaries' Biases
  - 4.2.2 Creating the Deception Story
  - 4.2.3 Feedback Channels and Risks
  - 4.3 Implementing and Integrating Deception
  - 4.4 Monitoring and Evaluating the Use of Deception
  - References
- Quantifying Covertness in Deceptive Cyber Operations
  - 1 Introduction
  - 2 Defense Models
  - 3 Malware Models
  - 3.1 Collect Malware Samples
  - 3.2 Coarse Analysis/Downselect
  - 3.3 In-Situ Analysis
  - 3.4 Identify and Quantify Malware Indicators
  - 4 Covertness Calculus
  - 5 Conclusion
  - References
- Design Considerations for Building Cyber Deception Systems
  - 1 Introduction
  - 1.1 Taxonomies
  - 1.1.1 Deception Story
  - 1.1.2 Cyberspace Network Environment
  - 1.1.3 Deception Profiles
  - 1.2 Deception Goals
  - 2 Capability Requirements
  - 2.1 General Considerations
  - 2.2 Command and Control (C2)
  - 2.2.1 Deception Design and Planning
  - 2.2.2 Situation Awareness and Run-Time Centralized Configuration Control
  - 2.3 Deception Design Process
  - 2.4 Other Design Considerations
  - 2.4.1 Modularity
  - 2.4.2 Resiliency, Agility and MTD in Deception
  - 2.4.3 C2 Interface
  - 2.4.4 C2 Coordinated Response and Deployment
  - 2.4.5 Interoperability with Mainstream Defensive Controls
  - 3 Deception Factors to Consider for the Deception Scenario
  - 3.1 What Is Believability?
  - 3.2 Projecting Certainty vs. Uncertainty in Deception (Equivocation)
  - 3.3 Is Explicit Deception Beneficial?
  - 3.4 Static vs. Dynamic Deception
  - 3.5 Pro-active vs. Reactive Deception
  - 3.6 Deception Triggers and False Positive Mitigation
  - 3.7 Software Defined Networking (SDN) vs. Stand-Alone Appliances
  - 3.8 Engaging the Attacker
  - 3.9 APT Cyber Kill Chains and Mission Deception Focus
  - 4 Deception Challenges
  - 4.1 Minimizing Effect on Mission Operations
  - 4.2 Deception Controls as Subjects of Potential Attacks
  - 4.3 Attacker's Work Factor Assessment
  - 4.4 Deception Domain Specific Language
  - 5 Conclusions
  - References
- A Proactive and Deceptive Perspective for Role Detection and Concealment in Wireless Networks
  - 1 Introduction
  - 2 Models and Problem Statement
  - 2.1 Network Model
  - 2.2 Node and Role Model
  - 2.3 Adversary Model
  - 2.4 Problem Statement
  - 3 Role Detection
  - 3.1 Backgrounds on Network Flow Analysis
  - 3.2 Detection Method Design
  - 3.3 Performance Evaluation
  - 4 Role Concealment
  - 4.1 Design Methodology
  - 4.2 Simulations
  - 4.3 Discussions
  - 5 Summary
  - References
- Effective Cyber Deception
  - 1 Introduction
  - 2 Survey of Related Work
  - 3 Active Deception
  - 3.1 Game Modeling with Deception
  - 4 Attacker Model
  - 5 The Attacker Game
  - 6 Attacker Actions
  - 7 Threats
  - 8 Exploits and Metrics
  - 9 Transition Probabilities
  - 10 Scoring
  - 11 Attacker Optimal Solution
  - 12 Defender Model
  - 13 Deception Model and Actions
  - 14 Transition Probabilities
  - 15 Scoring
  - 16 The Deception Game
  - 17 Observations
  - 18 Passive Deception
  - 18.1 Polydeception
  - 19 Summary
  - References
- Cyber-Deception and Attribution in Capture-the-Flag Exercises
  - 1 Introduction
  - 2 Related Work
  - 3 Dataset
  - 3.1 DEFCON CTF
  - 3.2 DEFCON CTF Data
  - 3.3 Analysis
  - 4 Baseline Approaches
  - 4.1 Experimental Results
  - 4.2 Misclassified Samples
  - 4.2.1 Average Prediction Probability
  - 5 Pruning
  - 5.1 Discussion
  - 5.2 Ensemble Classifier
  - 6 Conclusion
  - 7 Future Work
  - References
- Deceiving Attackers by Creating a Virtual Attack Surface
  - 1 Introduction
  - 2 Related Work
  - 3 Threat Model
  - 4 Motivating Example
  - 5 Our Approach
  - 5.1 View Model
  - 5.2 Problem Statement
  - 5.3 Algorithms
  - 5.3.1 Algorithm TopKDistance
  - 5.3.2 Algorithm TopKBudget
  - 6 Fingerprinting
  - 6.1 SinFP3
  - 6.2 p0f
  - 6.3 Nessus
  - 6.4 Solution Design
  - 6.5 Implementation
  - 6.5.1 Operating System Fingerprint Module
  - 6.5.2 Service Fingerprint Module
  - 7 Experimental Evaluation
  - 7.1 Evaluation of TopKDistance
  - 7.2 Evaluation of TopKBudget
  - 7.3 Legitimate User Perspective
  - 7.4 Attacker Perspective
  - 7.5 Drawbacks
  - 8 Conclusions
  - References
- Embedded Honeypotting
  - 1 Introduction to Software Cyber Deception
  - 2 Honey-Patching: A New Software Cyber Deception Technology
  - 2.1 Honey-Patch Design Principles
  - 2.2 Architecture
  - 3 Process Image Secret Redaction
  - 3.1 Sourcing and Tracking Secrets
  - 3.2 Formal Semantics
  - 3.3 An Integrated Secret-Redacting, Honey-Patching Architecture
  - 4 Case Study: A Honey-Patch for Shellshock
  - 5 Is Honey-Patching Security Through Obscurity?
  - 6 Conclusion
  - References
- Agile Virtual Infrastructure for Cyber Deception Against Stealthy DDoS Attacks
  - 1 Introduction
  - 2 Related Work
  - 3 Agile VN Framework
  - 3.1 Modeling VN Placement
  - 3.1.1 Reachability Constraints
  - 3.1.2 Load Satisfaction Constraint
  - 3.1.3 Middle-ware Device Constraint
  - 3.1.4 Quality of Service Constraint
  - 3.1.5 Node Stress Constraint
  - 3.1.6 Pair Mapping Constraint
  - 3.1.7 Loop Avoidance Constraint
  - 4 Modeling Threat
  - 4.1 Defender's View vs. Attacker's View
  - 5 Modeling MoveNet Sensing
  - 5.1 Detecting Reconnaissance Attack
  - 5.2 Identifying Critical Targets
  - 5.3 Cyber Deception Based Defense
  - 6 Modeling Threat Aware Migration
  - 6.1 Migration Disturbance Constraint
  - 6.2 Migration Distance Constraint
  - 7 Migration Mechanism
  - 7.1 Implementing VN Placement
  - 7.2 Implementing Threat Model
  - 7.3 Implementing Partial Migration
  - 8 Implementation and Evaluation
  - 8.1 Experiment Setup Discussion
  - 8.1.1 PlanetLab Based Experiment Setup
  - 8.1.2 Simulation Based Experiment Setup
  - 8.1.3 Mininet-Based Experiment Setup
  - 8.2 Agile VN Framework Evaluation
  - 8.2.1 Evaluating Depth of Defense
  - 8.2.2 Evaluating the Evasion Effectiveness
  - 8.2.3 Evaluating the Disruptiveness of Migration
  - 8.2.4 Evaluating the Overhead of Migration
  - 8.2.5 Benchmarks of Reconnaissance Time
  - 8.2.6 Evaluating Attacker's View vs. Defender's View
  - 8.2.7 Evaluating Scalability
  - 9 Conclusion
  - References
- Exploring Malicious Hacker Forums
  - 1 Introduction
  - 2 Background
  - 2.1 Darknet and Clearnet Sites
  - 2.2 Malicious Hacking
  - 2.3 Online Communities
  - 3 Methodology and Scope
  - 4 Forum Structure and Community Social Organization
  - 4.1 Technical Structure
  - 4.2 The Process of Forum Registration
  - 4.3 Forums' Boards and Their Content
  - 4.4 The Social Structure of Black Hat-Forums
  - 4.5 The Double-Edged Sword of the Hacker Meritocracy
  - 4.6 The Russian Forum-cum-Marketplaces
  - 5 The Content of Observed Forums
  - 5.1 The Common Boards
  - 5.2 The Flavored Boards
  - 5.3 Sentiments and Concerns
  - 5.4 Linguistic Characteristics
  - 5.5 Trading Places
  - 6 Conclusion
  - References
- Anonymity in an Electronic Society: A Survey
  - 1 Introduction
  - 2 Traditional Anonymization Techniques
  - 2.1 Mix Networks
  - 2.2 Onion Routing
  - 2.2.1 Tor Design
  - 2.2.2 Circuits
  - 2.2.3 Hidden Services
  - 2.3 P2P Anonymous Networks
  - 2.3.1 Freenet
  - 2.3.2 I2P
  - 2.4 Attacks and Limitations
  - 2.4.1 Timing Correlation Attacks
  - 2.4.2 Sybil Attack
  - 2.4.3 Intersection Attack
  - 2.4.4 Partitioning Attacks
  - 2.4.5 Information Leak
  - 3 OSN and Anonymity
  - 3.1 User Profiling Through OSN
  - 3.2 Anonymity in OSN
  - 3.2.1 Virtual Private Social Network
  - 3.2.2 Hiding Interactions in OSN
  - 3.3 De-Anonymization in OSN
  - 3.4 Deception in OSN
  - 3.5 Building Anonymous Communication Networks in OSN
  - 4 Conclusion
  - References
- Erratum to: Integrating Cyber-D&D into Adversary Modeling for Active Cyber Defense