Abstract
This paper discusses a technical solution that helps bring cyber defenders and investigators one step closer to successful cyber attribution: deception technology. The goal is to detect abnormal activity in a computer system by planting so-called fake entities into it. These fake entities appear interesting and valuable to the attacker. The deceptive defense mechanism then waits for the malicious adversary to interact with them. A fake entity can be anything from a fabricated file to a fake user account in a system. This paper looks at how different fake entities can be used for cyber attribution. We conclude that deception technology and fake entities have a lot of potential for further development when trying to solve the challenge of cyber attribution.
Copyright information
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Rauti, S. (2021). Towards Cyber Attribution by Deception. In: Abraham, A., Shandilya, S., Garcia-Hernandez, L., Varela, M. (eds) Hybrid Intelligent Systems. HIS 2019. Advances in Intelligent Systems and Computing, vol 1179. Springer, Cham. https://doi.org/10.1007/978-3-030-49336-3_41
DOI: https://doi.org/10.1007/978-3-030-49336-3_41
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-49335-6
Online ISBN: 978-3-030-49336-3
eBook Packages: Intelligent Technologies and Robotics (R0)