
Towards Cyber Attribution by Deception

  • Conference paper
  • Hybrid Intelligent Systems (HIS 2019)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1179)

Abstract

This paper discusses a technical solution that can bring cyber defenders and investigators one step closer to successful cyber attribution: deception technology. The goal is to detect abnormal activity in a computer system by planting so-called fake entities into it. These fake entities appear interesting and valuable to an attacker, and the deceptive defense mechanism then waits for the malicious adversary to interact with them; any such interaction is, by construction, a signal of malicious activity, since legitimate users have no reason to touch them. A fake entity can be anything from a fabricated file to a fake user account in a system. This paper examines how different kinds of fake entities can be used for cyber attribution. We conclude that deception technology and fake entities have considerable potential for further development in addressing the challenge of cyber attribution.



Author information

Corresponding author

Correspondence to Sampsa Rauti.

Copyright information

© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Rauti, S. (2021). Towards Cyber Attribution by Deception. In: Abraham, A., Shandilya, S., Garcia-Hernandez, L., Varela, M. (eds) Hybrid Intelligent Systems. HIS 2019. Advances in Intelligent Systems and Computing, vol 1179. Springer, Cham. https://doi.org/10.1007/978-3-030-49336-3_41
