Skip to main content
SpringerLink
Log in

Deception-Based Survivability

  • Chapter
Secure System Design and Trustable Computing

  • 1484 Accesses

Abstract

Critical systems in current threat landscape demand more than just fault-tolerance and security; they demand survivability. Survivability is the ability of a system to continue delivering essential services during attacks, faults or accidents. This is usually accomplished via a four-layered defense setting that consists of prevention, detection, recovery and adaption. As evident by the recent incline in advanced persistent threats, the existing defense systems are in a dire need of evolution. This new generation of defense systems should be smart, adaptive and unlike traditional systems, stay ahead of the malicious actors. Many researchers have started to consider deception as a means to this end. Deception involves misrepresenting or hiding information in order to manipulate a user’s actions. When engrafted in the prevention and detection layers, deception can help trace attacker intent, objective and strategies (AIOS) which aids in the development of targeted recovery and adaptation procedures. Such procedures, in turn, help a system survive in hostile environments. Though the adoption of deception-based defense has been hindered by legal and moral issues in the past but the recent increase in interest in this field holds great promise. This chapter discusses deception-based survivability, its benefits and shortcomings. It presents a high-level deployment architecture that uses deception to ensure system survivability. Other aspects of deception-based survivability such as performance overhead, continued effectiveness and precision have also been discussed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
eBook
USD 16.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Anagnostakis, K.G., Sidiroglou, S., Akritidis, P., Xinidis, K., Markatos, E., Keromytis, A.D.: Detecting targeted attacks using shadow honeypots. In: Proceedings of the 14th Conference on USENIX Security Symposium, p. 9 (2005)

    Google Scholar 

  2. Bake, S., Filipiak, N., Timli, K.: In the dark: crucial industries confront cyberattacks. McAfee second annual critical infrastructure protection report (2011)

    Google Scholar 

  3. Baskerville, R.: Information warfare action plans for e-business. In: The 3rd European Conference on Information Warfare and Security, pp. 15–20 (2004)

    Google Scholar 

  4. Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. (CSUR) 41, 15:1–15:58 (2009)

    Google Scholar 

  5. Cohen, F.: Deception Toolkit (2001)

    Google Scholar 

  6. Cohen, F., Lambert, D., Preston, C., Berry, N., Stewart, C., Thomas, E.: A framework for deception. IFIP-TC11, Computers and Security (2001)

    Google Scholar 

  7. Cole, E.: Advanced Persistent Threat: Understanding the Danger and How to Protect your Organization. Syngress, Waltham (2012)

    Google Scholar 

  8. Daly, M.K.: The advanced persistent threat. In: Large Installation System Administration Conference (LISA) (2009)

    Google Scholar 

  9. Daniel, D.C., Herbig, K.L.: Strategic Military Deception. Pergamon Press, New York (1982)

    Google Scholar 

  10. Ellison, R.J., Fisher, D.A., Linger, R.C., Lipson, H.F., Longstaff, T.A., Mead, N.R.: Survivability: protecting your critical systems. IEEE Internet Comput. 3, 55–63 (1999)

    Article  Google Scholar 

  11. Falliere, N., Murchu, L.O., Chien, E.: W32. stuxnet dossier - White paper. Symantec Corporation, Security Response (2011)

    Google Scholar 

  12. Goyal, R., Sharma, S., Bevinakoppa, S., Watters, P.: Obfuscation of stuxnet and flame malware. Latest Trends in Applied Informatics and Computing (2012)

    Google Scholar 

  13. Gross, M.J.: A Declaration of Cyber-War (2011)

    Google Scholar 

  14. Kapoor, A., Mathur, R.: Predicting the future of stealth attacks. Virus Bulletin Conference (2011)

    Google Scholar 

  15. Kartaltepe, E.J., Morales, J.A., Xu, S., Sandhu, R.: Social network-based botnet command-and-control: emerging threats and countermeasures. Proceedings of the 8th International Conference on Applied Cryptography and Network Security (ACNS), pp. 511–528 (2010)

    Google Scholar 

  16. Knappa, K.J., Boulton., W.R.: Cyber-Warfare Threatens Corporations: Expansion into Commercial Environments. Inf. Syst. Manag. 23, 76–87 (2006)

    Google Scholar 

  17. Lakhani, A.D.: Deception techniques using Honeypots. MSc Thesis, University of London, ISG, Royal Holloway. (2003)

    Google Scholar 

  18. Levine, J.G., Grizzard, J.B., Owen, H.L.: Using honeynets to protect large enterprise networks. IEEE Secur. Priv. 2, 73–75 (2004)

    Article  Google Scholar 

  19. Liu, P., Zang, W., Yu, M.: Incentive-based modeling and inference of attacker intent, objectives, and strategies. ACM Transactions on Information and System Security (TISSEC), vol. 8 (2005)

    Google Scholar 

  20. Masood, R., Um-e-Ghazia, U., Anwar, Z.: SWAM: stuxnet worm analysis in metasploit. Frontiers of Information Technology (FIT), pp. 142–147 (2011)

    Google Scholar 

  21. McAfee Labs and McAfee Foundstone Professional Services: Protecting your critical assets, lessons learned from Operation Aurora. Technical Report (2010)

    Google Scholar 

  22. McGill, W.L.: Defensive dissuasion in security risk management. In: IEEE International Conference on Systems, Man and Cybernetics (SMC) (2009)

    Google Scholar 

  23. McGill, W.L., Ayyub, B.M., Kaminskiy, M.: Risk analysis for critical asset protection. Risk Anal. 27(5), 1265–1281 (2007)

    Article  Google Scholar 

  24. Mehresh, R., Rao, J.J., Upadhyaya, S.J., Natarajan, S., Kwiat, K.: Tamper-resistant monitoring for securing multi-core environments. In: International Conference on Security and Management (SAM) (2011)

    Google Scholar 

  25. Mehresh, R., Upadhyaya, S.J.: A deception framework for survivability against next generation cyber attacks. In: International Conference on Security and Management (SAM) (2012)

    Google Scholar 

  26. Mehresh, R., Upadhyaya, S.J., Kwiat, K.: Secure proactive recovery - a hardware based mission assurance scheme. J. Netw. Forensics 3, 32–48 (2011)

    Google Scholar 

  27. Munro, K.: Deconstructing flame: the limitations of traditional defences. Computer Fraud and Security, pp. 8–11 (2012)

    Google Scholar 

  28. Murphy, B.S.: Deceiving adversary network scanning efforts using host-based deception. Technical Report, Air Force Institute of Technology, Wright-Patterson Air Force Base (2009)

    Google Scholar 

  29. Nakashima, E., Pomfret, J.: China proves to be an aggressive foe in cyberspace (2009)

    Google Scholar 

  30. Neagoe, V., Bishop, M.: Inconsistency in deception for defense. In: Proceedings of the 2006 workshop on New security paradigms (2007)

    Google Scholar 

  31. Patel, R.R., Thaker, C.S.: Zero-day attack signatures detection using honeypot. International Conference on Computer Communication and Networks (CSI- COMNET) (2011)

    Google Scholar 

  32. Portokalidis, G., Bos, H.: SweetBait: zero-hour worm detection and containment using low- and high-interaction honeypots. Sci. Direct 51, 1256–1274 (2007)

    MATH  Google Scholar 

  33. Provos, N., Holz, T.: Virtual Honeypots: From Botnet Tracking to Intrusion Detection. Addison-Wesley, Boston (2008)

    Google Scholar 

  34. Qassrawi, M.T., Zhang, H.: Deception methodology in virtual honeypots. In: Second International Conference on Networks Security Wireless Communications and Trusted Computing (NSWCTC), vol. 2, pp. 462–467, 24–25 (2010)

    Google Scholar 

  35. Ramilli, M., Bishop, M.: Multi-stage delivery of malware. In: Proceedings of the 5th International Conference on Malicious and Unwanted Software (MALWARE) (2010)

    Google Scholar 

  36. Repik, K.A.: Defeating adversary network intelligence efforts with active cyber defense techniques. Master’s Thesis, Graduate School of Engineering and Management, Air Force Institute of Technology (2008)

    Google Scholar 

  37. Rowe, N.C., Rothstein, H.S.: Two taxononmies of deception for attacks on information systems. J. Inf. Warfare 3, 27–39 (2004)

    Google Scholar 

  38. Smart, M., Malan, G.R., Jahanian, F.: Defeating TCP/IP stack fingerprinting. In: Proceedings of the 9th Conference on USENIX Security Symposium, vol. 9, pp. 17–17 (2000)

    Google Scholar 

  39. Smith, A., Toppel, N.: Case study: using security awareness to combat the advanced persistent threat. In: Thirteenth Colloquium for Information Systems Security Education (2009)

    Google Scholar 

  40. Spitzner, L.: Honeynet Project, Know Your Enemy: Defining Virtual Honey-nets (2008)

    Google Scholar 

  41. Tankard, C.: Advanced persistent threats and how to monitor and deter them. Netw. Secur. 2011, 16–19 (2011)

    Article  Google Scholar 

  42. Tzu, S.: The Art of War (Translated by James Clavell). Dell Publishing, New York (1983)

    Google Scholar 

  43. Watson, D., Smart, M., Malan, G.R., Jahanian, F.: Protocol scrubbing: network security through transparent flow modification. IEEE/ACM Trans. Networking 12, 261–273 (2004)

    Article  Google Scholar 

  44. Yuill, J., Denning, D., Feer, F.: Using deception to hide things from hackers: processes, principles, and techniques. J. Inf. Warfare 5, 26–40 (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University at Buffalo, State University of New York, Buffalo, NY, 14260, USA

    Ruchika Mehresh & Shambhu J. Upadhyaya

Authors
  1. Ruchika Mehresh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shambhu J. Upadhyaya
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shambhu J. Upadhyaya .

Editor information

Editors and Affiliations

  1. School of EEE, Nanyang Technological University, Singapore, Singapore

    Chip-Hong Chang

  2. University of California Los Angeles, Los Angeles, California, USA

    Miodrag Potkonjak

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Mehresh, R., Upadhyaya, S.J. (2016). Deception-Based Survivability. In: Chang, CH., Potkonjak, M. (eds) Secure System Design and Trustable Computing. Springer, Cham. https://doi.org/10.1007/978-3-319-14971-4_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-14971-4_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-14970-7

  • Online ISBN: 978-3-319-14971-4

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation