Attribution, Temptation, and Expectation: A Formal Framework for Defense-by-Deception in Cyberwarfare

  • Ehab Al-Shaer
  • Mohammad Ashiqur Rahman
Chapter
Part of the Advances in Information Security book series (ADIS, volume 56)

Abstract

Defense-by-deception is an effective technique to address the asymmetry challenges in cyberwarfare. It allows not only for misleading attackers toward non-harmful goals but also for systematic depletion of attacker resources. In this paper, we developed a game-theoretic framework that considers attribution, temptation, and expectation as the major components for planning a successful deception plan. As a case study, we developed a game strategy to proactively deceive remote fingerprinting attackers without causing significant performance degradation to benign clients. We model and analyze the interaction between a fingerprinter and a target as a signaling game. We derive the Nash equilibrium strategy profiles based on the information gain analysis. Based on our game results, we design DeceiveGame, a mechanism to prevent or to significantly slow down fingerprinting attacks. Our performance analysis shows that DeceiveGame can reduce the probability of success of the fingerprinter significantly, without deteriorating the overall performance of other clients. Beyond the DeceiveGame application, our formal framework can be generally used to synthesize correct-by-construction cyber deception plans against other attacks.

Keywords

Information Gain; Game Model; Defense Cost; Signaling Game; Perfect Bayesian Equilibrium
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. University of North Carolina at Charlotte, Charlotte, USA
