TY - GEN
T1 - A case study about the use and evaluation of cyber deceptive methods against highly targeted attacks
AU - Farar, Alexandria
AU - Bahsi, Hayretdin
AU - Blumbergs, Bernhards
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/9/29
Y1 - 2017/9/29
N2 - Traditional defences such as intrusion detection systems, firewalls and antivirus software are not enough to prevent security breaches caused by highly targeted cyber threats. Since many of these attacks go undetected, this paper presents the results of a case study in which a methodology that selects, maps, deploys, tests and monitors deceptions for the purpose of early detection is implemented. Metrics are developed to validate the effectiveness of the deception implementation. First, various deception mechanisms are mapped to the first three phases of the intrusion kill chain: reconnaissance, weaponization and delivery. Then, red teams were recruited to test the deceptions in two case scenarios. Applying the metrics, it is shown that the deceptions in both scenarios were effective in detecting cyber threats before the target asset was exploited, and successful in creating attacker confusion and uncertainty about the organization's network topology, services and resources.
AB - Traditional defences such as intrusion detection systems, firewalls and antivirus software are not enough to prevent security breaches caused by highly targeted cyber threats. Since many of these attacks go undetected, this paper presents the results of a case study in which a methodology that selects, maps, deploys, tests and monitors deceptions for the purpose of early detection is implemented. Metrics are developed to validate the effectiveness of the deception implementation. First, various deception mechanisms are mapped to the first three phases of the intrusion kill chain: reconnaissance, weaponization and delivery. Then, red teams were recruited to test the deceptions in two case scenarios. Applying the metrics, it is shown that the deceptions in both scenarios were effective in detecting cyber threats before the target asset was exploited, and successful in creating attacker confusion and uncertainty about the organization's network topology, services and resources.
KW - cyber kill chain
KW - deception
KW - highly targeted attack
KW - honeypots
UR - http://www.scopus.com/inward/record.url?scp=85034629163&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85034629163&partnerID=8YFLogxK
U2 - 10.1109/CYBERINCIDENT.2017.8054640
DO - 10.1109/CYBERINCIDENT.2017.8054640
M3 - Conference contribution
AN - SCOPUS:85034629163
T3 - 2017 International Conference On Cyber Incident Response, Coordination, Containment and Control, Cyber Incident 2017
BT - 2017 International Conference On Cyber Incident Response, Coordination, Containment and Control, Cyber Incident 2017
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2017 International Conference On Cyber Incident Response, Coordination, Containment and Control, Cyber Incident 2017
Y2 - 19 June 2017 through 20 June 2017
ER -