Measuring the Effectiveness of Network Deception

Title: Measuring the Effectiveness of Network Deception
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Sugrim, Shridatt; Venkatesan, Sridhar; Youzwak, Jason A.; Chiang, Cho-Yu J.; Chadha, Ritu; Albanese, Massimiliano; Cam, Hasan
Conference Name: 2018 IEEE International Conference on Intelligence and Security Informatics (ISI)
ISBN Number: 978-1-5386-7848-0
Keywords: Bayes methods, Bayesian inference method, belief system, Computer crime, computer network security, cyber deception strategies, cyber defensive system, cyber reconnaissance, Government, inference mechanisms, IP networks, KL-divergence, measurement uncertainty, Network Deception, Network reconnaissance, network traffic, network-based deception, pubcrawl, Reconnaissance, reconnaissance surface, resilience, Resiliency, Scalability, SDN-based deception system, software defined networking, software-defined networking, target network, Uncertainty

Cyber reconnaissance is the process of gathering information about a target network for the purpose of compromising systems within that network. Network-based deception has emerged as a promising approach to disrupt attackers' reconnaissance efforts. However, limited work has been done so far on measuring the effectiveness of network-based deception. Furthermore, given that Software-Defined Networking (SDN) facilitates cyber deception by allowing network traffic to be modified and injected on-the-fly, understanding the effectiveness of employing different cyber deception strategies is critical. In this paper, we present a model to study the reconnaissance surface of a network and model the process of gathering information by attackers as interactions with a cyber defensive system that may use deception. To capture the evolution of the attackers' knowledge during reconnaissance, we design a belief system that is updated by using a Bayesian inference method. For the proposed model, we present two metrics based on KL-divergence to quantify the effectiveness of network deception. We tested the model and the two metrics by conducting experiments with a simulated attacker in an SDN-based deception system. The results of the experiments match our expectations, providing support for the model and proposed metrics.

Citation Key: sugrim_measuring_2018