[Defense] Cyber Deception against Adversarial Reconnaissance in Enterprise Network using Semi-Indistinguishable Honeypot
Tuesday, May 30, 2023
2:00 pm - 3:00 pm
In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy
Shanto Roy
will defend his proposal
Cyber Deception against Adversarial Reconnaissance in Enterprise Network using Semi-Indistinguishable Honeypot
Abstract
This thesis addresses a significant research gap in cyber deception: the lack of depth in human evaluation. While previous works have explored deception-based strategies, only some have evaluated their systems with human attackers, and none have focused on deceiving cyber reconnaissance. As such, there are no standard metrics for measuring the efficiency of reconnaissance-based deception systems. To fill this research gap, my work proposes a new deception system named DARSH (Deceive Adversaries through Redirection to Semi-Indistinguishable Honeypot Web Servers), which employs a semi-indistinguishable honeypot and a crawler to deceive attackers and protect sensitive information. The proposed system is evaluated with human attackers to measure its effectiveness and introduces new metrics based on content modification and human-based evaluation. The significance of this work is multifaceted. First, DARSH addresses the limitations of traditional honeypot deployments by introducing a semi-indistinguishable honeypot that is challenging for attackers to distinguish from real servers. Second, the system employs a crawler that integrates the functionalities of a scraper and data scrambler, redactor, or anonymizer to modify and manage deceptive content effectively. Third, the human-based evaluation provides insights into the effectiveness of the deception system, especially in terms of time and number of actions to determine redirection or honeypot presence. Fourth, the proposed metrics can be used to evaluate the efficiency of reconnaissance-based deception systems in future research. My contributions have significant implications for cyber deception research. The proposed system’s significance lies in its ability to address many issues of traditional honeypot deployment and its potential for use alongside existing deception strategies, such as honey tokens. Additionally, modified content can help protect sensitive information and reduce the cost of running a honeypot.
The human-based evaluations provide a new perspective for measuring the efficiency of reconnaissance-based deception systems, leading to further threat intelligence and modeling. The proposed metrics can guide future research in evaluating the effectiveness of deception strategies, thereby improving cyber defense systems’ overall efficacy.
Tuesday, May 30, 2023
2:00PM - 3:00PM CT
Online via
Dr. Omprakash Gnawali, proposal advisor
Faculty, students, and the general public are invited.
