Cross-Stack Threat Sensing for Cyber Security and Resilience

Title: Cross-Stack Threat Sensing for Cyber Security and Resilience
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Araujo, F., Taylor, T., Zhang, J., Stoecklin, M.
Conference Name: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)
Date Published: jun
Keywords: active mitigation capabilities, composability, Cross Layer Security, cross-stack sensor framework, cross-stack threat sensing, Cyber Operations, cyber resilience, cyber security, cyber-threat data, deception, deceptive attack-response capabilities, equipping applications, honeypots, Intrusion detection, national interest networks, Production, pubcrawl, resilience, Resiliency, Routing, security, security of data, Sensors, Servers, Software, tactical deception capabilities, Weapons

We propose a novel cross-stack sensor framework for realizing lightweight, context-aware, high-interaction network and endpoint deceptions for attacker disinformation, misdirection, monitoring, and analysis. In contrast to perimeter-based honeypots, the proposed method arms production workloads with deceptive attack-response capabilities via injection of booby-traps at the network, endpoint, operating system, and application layers. This provides defenders with new, potent tools for more effectively harvesting rich cyber-threat data from the myriad of attacks launched by adversaries whose identities and methodologies can be better discerned through direct engagement rather than purely passive observations of probe attempts. Our research provides new tactical deception capabilities for cyber operations, including new visibility into both enterprise and national interest networks, while equipping applications and endpoints with attack awareness and active mitigation capabilities.

Citation Key: araujo_cross-stack_2018