In recent years, we have witnessed a rise in the quantity and sophistication of cyber attacks. Meanwhile, traditional defense techniques have not been adequate in addressing this status quo, because their focus has remained mostly on either identifying and patching vulnerabilities, or detecting and filtering exploits. These techniques are only effective when intrusions are known or detectable. However, unknown (zero-day) vulnerabilities are constantly being discovered, and known vulnerabilities are often not patched promptly. Even worse, while defenders need to close all vulnerabilities and intrusion paths against unknown malicious entities, attackers need to discover only one successful intrusion path in a system that is known and static. These asymmetric advantages have consistently kept attackers one step ahead of defenders.
To reverse this asymmetry in cyber warfare, we propose new proactive defense paradigms that can deter or deceive cyber attackers without relying on intrusion detection and prevention, by offering cyber agility as a system property. Cyber agility allows the system configuration to be changed dynamically without jeopardizing the operational and mission requirements of the system. In this thesis, we introduce two novel cyber agility techniques based on two paradigms: cyber deterrence and cyber deception. Cyber deterrence techniques aim to deter cyber threats by changing system configurations randomly and frequently. In contrast, cyber deception techniques aim to deflect attacks to fake targets by misrepresenting system configurations strategically and adaptively.
In the first part of this dissertation, we propose a multi-strategy, multi-parameter and multi-dimensional host identity mutation technique for deterring reconnaissance attacks. This deterrence is achieved by mutating IP addresses and anonymizing fingerprints of network hosts both proactively and adaptively. Through simulation and analytical investigation, we show that our approach significantly increases the attack cost for coordinated scanning worms, advanced network reconnaissance techniques, and multi-stage APT attacks.
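The deterrence effect of address mutation can be made concrete with a small model of a scanner looking for one host. The following is an added example, not code or data from the dissertation: it compares a static host (the scanner sweeps the space once, never repeating an address) with a host whose address is re-randomized every `interval` probes, both analytically and by Monte Carlo simulation. The address-space size, trial count, seed and the uniform-mutation assumption are constructed for illustration.

```python
import random
from statistics import mean

# Constructed parameters: a small address space and a single target host so
# the simulation runs quickly. They are illustrative, not values from the text.
ADDRESS_SPACE = 64   # addresses the scanner can probe
TRIALS = 2000        # Monte Carlo repetitions


def expected_probes_static(space: int) -> float:
    """Expected probes to hit one fixed host when the scanner sweeps the space
    in random order without repeating an address: (N + 1) / 2."""
    return (space + 1) / 2


def expected_probes_mutating(space: int) -> float:
    """Expected probes when the host's address is re-randomized before every
    probe: each probe hits independently with probability 1/N, so the probe
    count is geometric with mean N. Mutation removes the scanner's
    'no repeats' advantage and roughly doubles the expected cost."""
    return float(space)


def simulate_static(space: int, rng: random.Random) -> int:
    """Scanner sweeps a random permutation; the host keeps one address."""
    target = rng.randrange(space)
    order = list(range(space))
    rng.shuffle(order)
    return order.index(target) + 1          # 1-based probe count


def simulate_mutating(space: int, interval: int, rng: random.Random) -> int:
    """Scanner sweeps a random permutation (and restarts when exhausted), but
    the host jumps to a fresh uniformly random address every `interval`
    probes. With interval == 1 this is exactly the geometric model above."""
    order = list(range(space))
    rng.shuffle(order)
    target = rng.randrange(space)
    probes = 0
    while True:
        for addr in order:
            if probes > 0 and probes % interval == 0:
                target = rng.randrange(space)   # host mutates its address
            probes += 1
            if addr == target:
                return probes


def mean_probes(space: int, interval: int, trials: int, seed: int = 7):
    """Return (mean probes vs. static host, mean probes vs. mutating host)
    over `trials` seeded runs, for comparison with the analytic values."""
    rng = random.Random(seed)
    static = mean(simulate_static(space, rng) for _ in range(trials))
    mutating = mean(simulate_mutating(space, interval, rng) for _ in range(trials))
    return static, mutating


if __name__ == "__main__":
    s, m = mean_probes(ADDRESS_SPACE, 1, TRIALS)
    print(f"static:   analytic {expected_probes_static(ADDRESS_SPACE):.1f}, simulated {s:.1f}")
    print(f"mutating: analytic {expected_probes_mutating(ADDRESS_SPACE):.1f}, simulated {m:.1f}")
```

Larger `interval` values move the mutating result back toward the static one, which is the trade-off the text's adaptive mutation has to manage: mutate often enough that reconnaissance results expire before they can be used, but not so often that operational requirements (open connections, name resolution) suffer.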
In the second part, we propose a formal framework to construct active cyber deception plans that are goal-oriented and dynamic. Our framework introduces a deception logic that models consistencies and conflicts among various deception strategies (e.g., lies) and quantifies the benefit and cost of potential deception plans.
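To show what "consistency and conflict among lies" means operationally, here is an added toy planner; it is not the dissertation's deception logic or its solver. It assumes a small catalogue of candidate lies with constructed benefit and cost values, a conflict relation (two lies an observer could not believe simultaneously), a requirement relation (a lie that is only believable if another lie is also told), and a cost budget, and it exhaustively searches for the consistent plan with the highest net value.

```python
from itertools import combinations

# Constructed catalogue of candidate lies. Names, benefits and costs are
# illustrative placeholders, not values from the dissertation.
LIES = {
    "fake_os_windows":    {"benefit": 5.0, "cost": 2.0},
    "fake_os_linux":      {"benefit": 4.0, "cost": 2.0},
    "fake_iis_banner":    {"benefit": 3.0, "cost": 1.0},
    "fake_apache_banner": {"benefit": 3.0, "cost": 1.0},
    "honey_file_share":   {"benefit": 6.0, "cost": 4.0},
}

# Conflict: lies that cannot both be presented to the same observer
# (a host cannot plausibly claim to be both Windows and Linux).
CONFLICTS = {frozenset({"fake_os_windows", "fake_os_linux"})}

# Requirement: a lie that only stays believable if another lie is also told
# (an IIS banner on a host claiming Linux would expose the deception).
REQUIRES = {
    "fake_iis_banner": {"fake_os_windows"},
    "fake_apache_banner": {"fake_os_linux"},
}


def is_consistent(plan: frozenset) -> bool:
    """A plan is consistent if no two lies conflict and every lie's
    prerequisite lies are also in the plan."""
    for a, b in combinations(plan, 2):
        if frozenset({a, b}) in CONFLICTS:
            return False
    for lie in plan:
        if not REQUIRES.get(lie, set()) <= plan:
            return False
    return True


def plan_value(plan: frozenset):
    """Total benefit and total cost of a plan."""
    benefit = sum(LIES[lie]["benefit"] for lie in plan)
    cost = sum(LIES[lie]["cost"] for lie in plan)
    return benefit, cost


def best_plan(budget: float):
    """Exhaustive search over all subsets (fine for a small catalogue): keep
    only consistent plans within budget and return the one with the highest
    net value (benefit - cost), together with that net value."""
    best, best_net = frozenset(), 0.0
    names = sorted(LIES)
    for k in range(1, len(names) + 1):
        for combo in combinations(names, k):
            plan = frozenset(combo)
            if not is_consistent(plan):
                continue
            benefit, cost = plan_value(plan)
            if cost > budget:
                continue
            if benefit - cost > best_net:
                best, best_net = plan, benefit - cost
    return best, best_net


if __name__ == "__main__":
    for budget in (3.0, 7.0):
        plan, net = best_plan(budget)
        print(f"budget {budget}: {sorted(plan)} net value {net}")
```

With a budget of 7 the search picks the Windows persona, its matching IIS banner and the honey share; with a budget of 3 the honey share no longer fits and the Windows persona plus banner wins. Note that a plan containing both banners is rejected not because the banners conflict directly, but because their prerequisites do, which is the kind of indirect inconsistency a deception logic has to catch.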
In the third part, we demonstrate and evaluate our deception planning framework by constructing an effective deception plan against multi-stage attacks. Through our experimentation, we show that the generated deception plans are effective and economical, and outperform existing or random deception plans.
Committee: Chu, Bill; Cukic, Bojan; Wei, Jinpeng
School: The University of North Carolina at Charlotte
School Location: United States -- North Carolina
Source: DAI-B 79/03(E), Dissertation Abstracts International
Keywords: Cyber agility, Cyber deception, Cyber deterrence, Deception planning, IP mutation, Network reconnaissance