Abstract
Critical systems in the current threat landscape demand more than just fault tolerance and security; they demand survivability. Survivability is the ability of a system to continue delivering essential services during attacks, faults or accidents. This is usually accomplished via a four-layered defense that consists of prevention, detection, recovery and adaptation. As evidenced by the recent rise in advanced persistent threats, existing defense systems are in dire need of evolution. This new generation of defense systems should be smart, adaptive and, unlike traditional systems, stay ahead of malicious actors. Many researchers have started to consider deception as a means to this end. Deception involves misrepresenting or hiding information in order to manipulate a user’s actions. When built into the prevention and detection layers, deception can help trace attacker intent, objectives and strategies (AIOS), which aids in the development of targeted recovery and adaptation procedures. Such procedures, in turn, help a system survive in hostile environments. Although the adoption of deception-based defense has been hindered by legal and moral issues in the past, the recent increase in interest in this field holds great promise. This chapter discusses deception-based survivability, its benefits and shortcomings. It presents a high-level deployment architecture that uses deception to ensure system survivability. Other aspects of deception-based survivability, such as performance overhead, continued effectiveness and precision, are also discussed.
Copyright information
© 2016 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Mehresh, R., Upadhyaya, S.J. (2016). Deception-Based Survivability. In: Chang, CH., Potkonjak, M. (eds) Secure System Design and Trustable Computing. Springer, Cham. https://doi.org/10.1007/978-3-319-14971-4_17
DOI: https://doi.org/10.1007/978-3-319-14971-4_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-14970-7
Online ISBN: 978-3-319-14971-4
eBook Packages: Engineering (R0)