A case study about the use and evaluation of cyber deceptive methods against highly targeted attacks

Alexandria Farar, Hayretdin Bahsi, Bernhards Blumbergs

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

Traditional defences such as intrusion detection systems, firewalls and antivirus software are not enough to prevent security breaches caused by highly targeted cyber threats. As many of these attacks go undetected, this paper shows the results of a case study which consists of the implementation of a methodology that selects, maps, deploys, tests and monitors the deceptions for the purpose of early detection. Metrics are developed to validate the effectiveness of the deception implementation. Firstly, various deception mechanisms are mapped to the first three phases of the intrusion kill chain: reconnaissance, weaponization and delivery. Then, Red Teams were recruited to test the deceptions for two case scenarios. Applying metrics, it is shown that the deceptions in the case studies are effective in the detection of cyber threats before the target asset was exploited and successful in creating attacker confusion and uncertainty about the organization's network topology, services and resources.

Original language: English (US)
Title of host publication: 2017 International Conference On Cyber Incident Response, Coordination, Containment and Control, Cyber Incident 2017
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781509050666
State: Published - Sep 29 2017
Externally published: Yes
Event: 2017 International Conference On Cyber Incident Response, Coordination, Containment and Control, Cyber Incident 2017 - London, United Kingdom
Duration: Jun 19 2017 → Jun 20 2017

Publication series

Name: 2017 International Conference On Cyber Incident Response, Coordination, Containment and Control, Cyber Incident 2017

Conference

Conference: 2017 International Conference On Cyber Incident Response, Coordination, Containment and Control, Cyber Incident 2017
Country/Territory: United Kingdom
City: London
Period: 6/19/17 → 6/20/17

Keywords

  • cyber kill chain
  • Deception
  • highly targeted attack
  • honeypots

ASJC Scopus subject areas

  • Information Systems and Management
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
