Skip to main content
SpringerLink
Log in
Book cover

Cyber Deception pp 51–67Cite as

Quantifying Covertness in Deceptive Cyber Operations

  • Chapter
  • First Online:

Abstract

A deception is often enabled by cloaking or disguising the true intent and corresponding actions of the perpetrating actor. In cyber deception, the degree to which actions are disguised or cloaked is typically called “covertness.” In this chapter, we describe a novel approach to quantifying cyber covertness, a specific attribute of malware relative to specific alert logic that the defender uses. We propose that the covertness of an offensive cyber operation in an adversarial environment is derived from the probability that the operation is detected by the defender. We show that this quantitative concept can be computed using Covertness Block Diagrams that are related to classical reliability block diagrams used for years in the reliability engineering community. This requires methods for modeling the malware and target network defenses that allow us to calculate a quantitative measure of covertness which is interpreted as the probability of detection. Called the Covertness Score, this measure can be used by attackers to design a stealthier method of completing their mission as well as by defenders to understand the detection limitations of their defenses before they are exploited.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   199.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   199.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    such as www.4shared.com.

References

  1. US Army. Joint technical coordinating group for munitions effectiveness program office.

    Google Scholar 

  2. David D Lynch and Institution of Electrical Engineers. Introduction to RF stealth. Scitech, 2004.

    Google Scholar 

  3. Dave MacEslin. Methodology for Determining EW JMEM. TECH TALK, page 32, 2006.

    Google Scholar 

  4. George Cybenko and Jason Syverson. Quantitative foundations for information operations, 2007.

    Google Scholar 

  5. David E. Sanger. Syria War Stirs New U.S. Debate on Cyberattacks. http://www.nytimes.com/2014/02/25/world/middleeast/obama-worried-about-effects-of-waging-cyberwar-in-syria.html, Feb 2014. Accessed: 2015-11-11.

  6. US Department of Defense. The Department of Defense Cyber Strategy, 2015.

    Google Scholar 

  7. Mark A Gallagher and Michael Horta. Cyber Joint Munitions Effectiveness Manual (JMEM). M& SJ, 8:5e14, 2013.

    Google Scholar 

  8. US Army. Joint Publication 3–13: Information Operations, Nov 2014.

    Google Scholar 

  9. Molly B. Walker. New DoD program office to create cyber equivalent of the Joint Munitions Effectiveness Manual. http://www.fiercegovernmentit.com/story/new-dod-program-office-create-cyber-equivalent-joint-munitions-effectivenes/2015-10-14, Oct 2015. Accessed: 2015-11-20.

  10. http://www.iseclab.org/projects/ttanalyze/. TTAnalyze: A tool for analyzing malware, 2015.

  11. Clemens Kolbitsch, Paolo Milani Comparetti, Christopher Kruegel, Engin Kirda, Xiao-yong Zhou, and XiaoFeng Wang. Effective and efficient malware detection at the end host. In USENIX security symposium, pages 351–366, 2009.

    Google Scholar 

  12. Daniel Bilar et al. Statistical structures: Fingerprinting malware for classification and analysis. Proceedings of Black Hat Federal 2006, 2006.

    Google Scholar 

  13. Marko Čepin. Reliability block diagram. In Assessment of Power System Reliability, pages 119–123. Springer, 2011.

    Google Scholar 

  14. RG Bennetts. Analysis of reliability block diagrams by boolean techniques. Reliability, IEEE Transactions on, 31(2):159–166, 1982.

    Article  MATH  Google Scholar 

  15. http://www8.hp.com/us/en/software-solutions/siem-security-information-eventmanagement/. HP ArcSight ESM, 2015.

  16. http://www.splunk.com/. Splunk Operational Intelligence Platform, 2015.

  17. http://www.flowtraq.com/. FlowTraq Network Security, Monitoring, Analysis, and Forensics, 2015.

  18. http://www.snort.com/. Snort Intrusion Prevention System, 2015.

  19. http://www.mcafee.com/us/. McAfee Intel Security Suite, 2015.

  20. http://www.tripwire.com/. Tripwire Advanced Cyber Threat Detection, 2015.

  21. HP Enterprise Security. HP ArcSight ESM: powered by CORR-Engine, September 2012.

    Google Scholar 

  22. Sandeep Yadav, Ashwath Kumar Krishna Reddy, a.L. Narasimha Reddy, and Supranamaya Ranjan. Detecting algorithmically generated malicious domain names. Proceedings of the 10th annual conference on Internet measurement - IMC ’10, page 48, 2010.

    Google Scholar 

  23. Open Malware. http://openmalware.org, 2014.

  24. VirusShare. http://virusshare.com, 2014.

  25. The VirusWatch Archives. http://lists.clean-mx.com/pipermail/viruswatch/, 2014.

  26. Cuckoo Sandbox. http://www.cuckoosandbox.org/, 2014.

  27. Microsoft Developer Network. http://msdn.microsoft.com/en-us/library/, 2014.

  28. Nicole Perlroth. Intelligence Start-Up Goes Behind Enemy Lines to Get Ahead of Hackers. www.nytimes.com/2015/09/14/technology/intelligence-start-up-goes-behind-enemy-lines-to-get-ahead-of-hackers.html, Sep 2015. Accessed: 2015-11-11.

  29. Ben Elgin, Dune Lawrence, and Michael Riley. Neiman Marcus Hackers Set Off 60,000 Alerts While Bagging Credit Card Data. http://www.bloomberg.com/bw/articles/2014-02-21/neiman-marcus-hackers-set-off-60-000-alerts-while-bagging-credit-card-data, Feb 2014. Accessed: 2015-11-11.

  30. Elizabeth R DeLong, David M DeLong, and Daniel L Clarke-Pearson. Comparing the areas under two or more correlated receiver operating characteristic curves: a nonparametric approach. Biometrics, pages 837–845, 1988.

    Google Scholar 

  31. Michael O Ball. Computational complexity of network reliability analysis: An overview. Reliability, IEEE Transactions on, 35(3):230–239, 1986.

    Google Scholar 

  32. Thomas M Cover and Joy A Thomas. Elements of information theory. John Wiley & Sons, 2012.

    Google Scholar 

Download references

Acknowledgements

This work was partially supported by Air Force Research Laboratory (AFRL) Contract FA8750-13-1-0070. The opinions expressed in this article belong solely to the article’s authors and do not reflect any opinion, policy statement, recommendation or position, expressed or implied, of the U.S. Department of Defense.

The authors thank the anonymous reviewers and the book editors for suggestions that significantly improved this chapter.

Author information

Authors and Affiliations

  1. Thayer School of Engineering, Dartmouth College, Hanover, NH, 03755, USA

    George Cybenko

  2. Microsoft, Redmond, WA, USA

    Gabriel Stocco

  3. Air Force Research Laboratory, Dayton, OH, USA

    Patrick Sweeney

Authors
  1. George Cybenko
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Gabriel Stocco
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Patrick Sweeney
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to George Cybenko .

Editor information

Editors and Affiliations

  1. Center for Secure Information Systems, George Mason University, Fairfax, Virginia, USA

    Sushil Jajodia

  2. Department of Computer Science, University of Maryland, College Park, Maryland, USA

    V.S. Subrahmanian

  3. The MITRE Corporation, McLean, Virginia, USA

    Vipin Swarup

  4. Computing & Information Science Division, Information Sciences Directorate Computing & Information Science Division, Triangle Park, North Carolina, USA

    Cliff Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Cybenko, G., Stocco, G., Sweeney, P. (2016). Quantifying Covertness in Deceptive Cyber Operations. In: Jajodia, S., Subrahmanian, V., Swarup, V., Wang, C. (eds) Cyber Deception. Springer, Cham. https://doi.org/10.1007/978-3-319-32699-3_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-32699-3_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-32697-9

  • Online ISBN: 978-3-319-32699-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation