
Ruchika Mehresh and Shambhu Upadhyaya


1 A Deception Framework for Survivability Against Next Generation Cyber Attacks
Ruchika Mehresh and Shambhu Upadhyaya, Department of Computer Science and Engineering, University at Buffalo, Buffalo, NY 14260

2 Motivation: The Asymmetric Warfare
Kinds of sophisticated attacks happening lately: botnets and their command and control, Operation Aurora, Stuxnet.

As reported by the Washington Post, malicious sleeper code is known to have been left behind in the U.S. critical infrastructure by state-sponsored attackers. This sleeper code can be activated at any time to alter or destroy information. Similar stealth methodologies are also employed during the multi-stage delivery of malware and in the stealthy command-and-control execution model of botnets.

Stuxnet (June 2010, nuclear power plants in Iran) sniffs for a specific configuration and remains inactive if it does not find it. "Stuxnet is the new face of 21st-century warfare: invisible, anonymous, and devastating."

Another instance of smart malware is Operation Aurora, which received wide publicity. The most highlighted features of Aurora are its complexity, sophistication and stealth. It includes numerous steps to gain and maintain access to privileged systems until the attacker's goals are met. The installation and working of this malware are completely hidden from the user. The attack was aimed at dozens of organizations, of which Adobe Systems [3], Juniper Networks [4] and Rackspace [5] have publicly confirmed that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman, Morgan Stanley [6] and Dow Chemical [7] were also among the targets. Targets of interest: source code repositories, intellectual property.

Attackers are growing smarter and attacks more sophisticated. Critical systems are high-value targets. Asymmetric warfare. Not all attacks can be prevented, so how to "survive" them?

3 Problem Statement: How to enable critical systems to survive the next generation of sophisticated attacks? Deception.

4 Introduction: Survivability is the ability of a system to perform its mission (its essential operations) in the presence of attacks, faults or accidents. The focus is on how to survive an attack, not on the source or type of attack: not on who attacked, and not on whether it was a fault or an attack.

5 Introduction: Survivability involves four phases: prevention against faults/attacks; detection of faults/attacks; recovery from faults/attacks; adaptation/evolution to avoid future attacks. Timeliness property.

6 Introduction (outline): next-generation attack assessment; formal requirements; deception as a tool of defense; proposed framework.
Asymmetric warfare theory: attackers have the advantage of time and stealth. How to make the defense agile and adaptive? How to survive sophisticated attacks? The issue of survivability.

7 Solution: Underlying pattern in sophisticated attacks [6]. Features: multi-shot; stealth; contingency plan.

8 Formal system requirements: recognizing the smart adversary; prevention; surreptitious detection; effective recovery with adaptation. Zero-day attacks: proactive vs. reactive.

9 Formal system requirements (continued): conserving the timeliness property; non-verifiable deception.

10 Deception as a tool of defense
Preventive deception: hiding, distraction, dissuasion. Detection: honeypot farm. Recovery: concealing the detection until an effective patch has been worked out.

Deception itself in warfare is not new, though it raises legal and moral issues. Some of these concepts are already used by many, for example the Deception Toolkit (DTK) by Cohen. Hiding includes techniques such as fingerprint scrubbing and obfuscation. High-interaction honeypots provide an emulation of a real operating system, so the attacker can interact with the operating system and completely compromise the system; examples are User Mode Linux (UML), VMware, Argos, etc. Low-interaction honeypots simulate limited network services and vulnerabilities and cannot be completely exploited; examples are LaBrea, Honeyd, Nepenthes, etc. [26], [27].

11 Framework: Attacker's Intent, Objectives and Strategies (AIOS). Dark space + malicious behavior + intentional.

12 Work in progress: design issues; controlling the feedback loop; smart-box design; assessing the nature of the traffic flow; mapping AIOS to a honeypot; other solutions: zero-day + timing.
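An added illustration of the smart-box idea from slides 11 and 12 (example code written for this transcript, not from the authors' framework): it scores constructed flow records on the three AIOS signals (destination in dark space, malicious behaviour, intentional contact) and maps each source to a honeypot tier. The dark address range, the thresholds and the tier mapping are assumptions made here; the presentation leaves these design choices open.

```python
import ipaddress
from collections import defaultdict
# Constructed example values: the watched dark (unused) address range and the
# thresholds are assumptions for illustration, not taken from the presentation.
DARK_SPACE = [ipaddress.ip_network("10.9.0.0/16")]
SCAN_PORT_THRESHOLD = 5      # distinct dark-space ports touched => malicious (scanning) behaviour
INTENT_REPEAT_THRESHOLD = 3  # repeated dark-space contacts => intentional, not a stray misconfiguration

def in_dark_space(dst):
    """True when the destination lies in address space that hosts no legitimate service."""
    return any(ipaddress.ip_address(dst) in net for net in DARK_SPACE)

def parse_flow(line):
    """Parse a constructed flow record 'ts src dst dport flags' into (src, dst, dport)."""
    _ts, src, dst, dport, _flags = line.split()
    return src, dst, int(dport)

def map_to_honeypot(dark, malicious, intentional):
    """Route by the AIOS signals: all three -> high-interaction honeypot,
    dark + intentional -> low-interaction honeypot, otherwise no redirection."""
    if dark and malicious and intentional:
        return "high-interaction"
    if dark and intentional:
        return "low-interaction"
    return "none"

def assess_sources(lines):
    """Aggregate flows per source, derive the three AIOS signals, choose a honeypot."""
    per_src = defaultdict(lambda: {"dark_hits": 0, "dark_ports": set()})
    for line in lines:
        src, dst, dport = parse_flow(line)
        stats = per_src[src]            # touch every source so each one gets a verdict
        if in_dark_space(dst):
            stats["dark_hits"] += 1
            stats["dark_ports"].add(dport)
    verdicts = {}
    for src, stats in per_src.items():
        dark = stats["dark_hits"] > 0
        malicious = len(stats["dark_ports"]) >= SCAN_PORT_THRESHOLD
        intentional = stats["dark_hits"] >= INTENT_REPEAT_THRESHOLD
        verdicts[src] = map_to_honeypot(dark, malicious, intentional)
    return verdicts

SAMPLE_FLOWS = [  # constructed flow records (not real traffic), one line per probe
    "1 192.0.2.10 10.9.1.1 22 S", "2 192.0.2.10 10.9.1.2 23 S", "3 192.0.2.10 10.9.1.3 80 S",
    "4 192.0.2.10 10.9.1.4 443 S", "5 192.0.2.10 10.9.1.5 3389 S",  # sweep: dark+malicious+intentional
    "6 192.0.2.20 10.9.2.2 80 S",                                   # single stray probe: not intentional
    "7 192.0.2.30 10.9.3.3 445 S", "8 192.0.2.30 10.9.3.3 445 S",
    "9 192.0.2.30 10.9.3.3 445 S",                                  # repeated, one port: no scan signal
    "10 192.0.2.40 10.1.1.1 80 S",                                  # production destination: not dark
]
```

Calling `assess_sources(SAMPLE_FLOWS)` yields one verdict per source; the thresholds are the feedback-loop knobs slide 12 mentions, and tuning them too loosely redirects stray misconfigured hosts into the honeypot farm.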

13 Conclusion: A deception-based survivability solution against sophisticated attacks; dealing with zero-day attacks while conserving the timeliness property; stronger recovery through surreptitious detection.

14 References
E. Nakashima and J. Pomfret. China proves to be an aggressive foe in cyberspace. Washington Post, November 2009.
M. Ramilli and M. Bishop. Multi-stage delivery of malware. 5th International Conference on Malicious and Unwanted Software (MALWARE), 2010.
E. J. Kartaltepe, J. A. Morales, S. Xu, and R. Sandhu. Social network based botnet command-and-control: emerging threats and countermeasures. Proceedings of the 8th International Conference on Applied Cryptography and Network Security (ACNS), pages 511–528, 2010.
McAfee Labs and McAfee Foundstone Professional Services. Protecting your critical assets: lessons learned from Operation Aurora. Technical report, 2010.
M. J. Gross. A declaration of cyber-war. April 2011.
K. A. Repik. Defeating adversary network intelligence efforts with active cyber defense techniques. Master's thesis, Graduate School of Engineering and Management, Air Force Institute of Technology, 2008.
A. D. Lakhani. Deception techniques using honeypots. MSc thesis, ISG, Royal Holloway, University of London, 2003.

