Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Deception Framework for Survivability Against Next Generation Cyber Attacks Ruchika Mehresh and Shambhu Upadhyaya Department of Computer Science and.

Published byLily Robbins Modified over 9 years ago

Similar presentations

Presentation on theme: "A Deception Framework for Survivability Against Next Generation Cyber Attacks Ruchika Mehresh and Shambhu Upadhyaya Department of Computer Science and."— Presentation transcript:

1 A Deception Framework for Survivability Against Next Generation Cyber Attacks Ruchika Mehresh and Shambhu Upadhyaya Department of Computer Science and Engineering, University at Buffalo, Buffalo, NY 14260 1

2 Organization Motivation Problem Statement Introduction Framework Work in progress Conclusion 2

3 Motivation 3 The Asymmetric warfare Kind of sophisticated attacks happening lately:  Botnets, command and control  Operation Aurora  Stuxnet

4 Problem Statement How to enable critical systems to survive the next-generation of sophisticated attacks 4 Deception

5 Introduction Survivability is the ability of a system to perform its mission (essential operations) in presence of attacks, faults or accidents Focus on how to survive an attack – Does not focus on source or type of attack 5

6 Introduction Survivability involves four phases: – Prevention against faults/attacks – Detection of faults/attacks – Recovery from faults/attacks – Adaptation/Evolution to avoid future attacks Timeliness property 6

7 Introduction 7  Next-generation attack assessment  Formal requirements  Deception as a tool of defense  Proposed framework

8 Solution 8 Underlying pattern in sophisticated attacks [6] Features: 1.Multi-shot 2.Stealth 3.Contingency plan Underlying pattern in sophisticated attacks [6] Features: 1.Multi-shot 2.Stealth 3.Contingency plan

9 Formal system requirements 9  Recognizing the smart adversary  Prevention  Surreptitious detection  Effective recovery with adaptation  Zero-day attacks

10 Formal system requirements 10  Conserving timeliness property  Non-verifiable deception

11 Deception as tool of defense Preventive deception – Hiding, Distraction, Dissuasion Detection – Honeypot farm Recovery – Concealing the detection till an effective patch has been worked out 11

12 Framework 12

13 Work in progress Design issues Controlling the feedback loop Smart-box design – Assess the nature of the traffic flow – Map AIOS to a honeypot 13

14 Conclusion Deception based survivability solution against sophisticated attacks Dealing with zero-day attacks while conserving timeliness property Stronger recovery with surreptitious detection 14

15 References 1.E. Nakashima and J. Pomfret. China proves to be an aggressive foe in cyberspace, November 2009. 2.M. Ramilli and M. Bishop. Multi-stage delivery of malware. 5th International Conference on Malicious and Unwanted Software (MALWARE), 2010. 3.E. J. Kartaltepe, J. A. Morales, S. Xu, and R. Sandhu. Social network based botnet command-and-control: emerging threats and countermeasures. Proceedings of the 8th international conference on Applied cryptography and network security (ACNS), pages 511–528, 2010. 4.M. Labs and M. F. P. Services. Protecting your critical assets, lessons learned from operation aurora. Technical report, 2010. 5.M. J. Gross. A declaration of cyber-war, April 2011. 6.K. A. Repik. Defeating adversary network intelligence efforts with active cyber defense techniques. Master’s thesis, Graduate School of Engineering and Management, Air Force Institute of Technology, 2008. 7.A. D. Lakhani. Deception techniques using honeypots. Master’s thesis, MSc Thesis, ISG, Royal Holloway, University of London, 2003. 15

16 Thank You For questions and comments, email: – Ruchika Mehresh (rmehresh@buffalo.edu)rmehresh@buffalo.edu – Shambhu Upadhyaya (shambhu@buffalo.edu)shambhu@buffalo.edu 16

Download ppt "A Deception Framework for Survivability Against Next Generation Cyber Attacks Ruchika Mehresh and Shambhu Upadhyaya Department of Computer Science and."

Similar presentations

Systems Security Engineering An Updated Paradigm INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski.

Systems Security Engineering An Updated Paradigm INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski.
Thai delegation Presentation at 4 th ARF seminar on Cyber-terrorism

Thai delegation Presentation at 4 th ARF seminar on Cyber-terrorism
© 2012 Delmar, Cengage Learning Section V Getting the Job Done… Through Others Chapter 13 Deploying Law Enforcement Resources and Improving Productivity.

© 2012 Delmar, Cengage Learning Section V Getting the Job Done… Through Others Chapter 13 Deploying Law Enforcement Resources and Improving Productivity.
Threat Intelligence Use in Information Security: History, Theory and Practice Tim Gallo Cyber Security Field Engineering 1.

Threat Intelligence Use in Information Security: History, Theory and Practice Tim Gallo Cyber Security Field Engineering 1.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
DoD and Cyber-Terrorism Eric Fritch CPSC 620. What is cyber-terrorism? The premeditated, politically motivated attack against information, computer systems,

DoD and Cyber-Terrorism Eric Fritch CPSC 620. What is cyber-terrorism? "The premeditated, politically motivated attack against information, computer systems,
The U.S. Coast Guard’s Role in Cybersecurity

The U.S. Coast Guard’s Role in Cybersecurity
Cyber Security R&D Challenges: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D 202-254-5802.

Cyber Security R&D Challenges: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D
Distribution Statement A: Approved for Public Release; Distribution is unlimited. 1 Electronic Warfare Information Operations 29 MAR 2011 Val O’Brien.

Distribution Statement A: Approved for Public Release; Distribution is unlimited. 1 Electronic Warfare Information Operations 29 MAR 2011 Val O’Brien.
Cyber Principles November 2010 Bob Gourley. The 12 Principles of Cyber Conflict 1. Know the enemy: Bad actors in the world are bad actors in cyberspace.

Cyber Principles November 2010 Bob Gourley. The 12 Principles of Cyber Conflict 1. Know the enemy: Bad actors in the world are bad actors in cyberspace.
AVG- Protecting those who are vulnerable.  Free Anti-Virus Software ◦ J.R. Smith President of AVG oversees a lineup of antivirus products used by 110.

AVG- Protecting those who are vulnerable.  Free Anti-Virus Software ◦ J.R. Smith President of AVG oversees a lineup of antivirus products used by 110.
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
Overview FAA IT & ISS R&D: Security Today Security Tomorrow Marshall Potter Chief Scientist for Information Technology Federal Aviation Administration.

Overview FAA IT & ISS R&D: Security Today Security Tomorrow Marshall Potter Chief Scientist for Information Technology Federal Aviation Administration.
Randy Marchany VA Tech Computing Center

Randy Marchany VA Tech Computing Center
Mohammad Alshayeb 19 May 2009. Agenda Update on Computer Science Program Assessment/Accreditation Work Update on Software Engineering Program Assessment/Accreditation.

Mohammad Alshayeb 19 May Agenda Update on Computer Science Program Assessment/Accreditation Work Update on Software Engineering Program Assessment/Accreditation.
Securing Information Systems

Securing Information Systems
A First Course in Information Security

A First Course in Information Security
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.

Similar presentations

Ads by Google