Finding Logically Consistent Resource-Deception Plans for Defense in Cyberspace
Rowe, Neil C.
We explore a new approach to defense of computer systems, deliberately deceiving attackers as to resource availability. This can be more effective than outright denial of access because it encourages an attacker to waste time continuing their attack. But effective deceptions must be consistent to convince an adversary. We are exploring automated methods for maintaining logical consistency by tracking assertions made so far with associated causal and other indirect implications. We have built a deception planner that takes as input a sequence of operating-system commands and finds the possible consistent deceptions as per our logical constraints, and rates the deceptions using several criteria. In a test on a generic planning model of rootkit installation, it found 72 of 558 possible deceptions were acceptable and rated them.
This paper appeared in the Third International Symposium on Security in Networks and Distributed Systems, Niagara Falls, Ontario, Canada, pp. 563-568, May 2007.