AHEAD: A New Architecture for Active Defense

Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense Pub Date : 2016-10-24 DOI:10.1145/2994475.2994481

Fabio De Gaspari, S. Jajodia, L. Mancini, Agostino Panico

{"title":"AHEAD: A New Architecture for Active Defense","authors":"Fabio De Gaspari, S. Jajodia, L. Mancini, Agostino Panico","doi":"10.1145/2994475.2994481","DOIUrl":null,"url":null,"abstract":"Active defense is a popular defense technique based on systems that hinder an attacker's progress by design, rather than reactively responding to an attack only after its detection. Well-known active defense systems are honeypots. Honeypots are fake systems, designed to look like real production systems, aimed at trapping an attacker, and analyzing his attack strategy and goals. These types of systems suffer from a major weakness: it is extremely hard to design them in such a way that an attacker cannot distinguish them from a real production system. In this paper, we advocate that, instead of adding additional fake systems in the corporate network, the production systems themselves should be instrumented to provide active defense capabilities. This perspective to active defense allows containing costs and complexity, while at the same time provides the attacker with a more realistic-looking target, and gives the Incident Response Team more time to identify the attacker. The proposed proof-of-concept prototype system can be used to implement active defense in any corporate production network, with little upfront work, and little maintenance.","PeriodicalId":343057,"journal":{"name":"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"29","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2994475.2994481","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 29

Abstract

Active defense is a popular defense technique based on systems that hinder an attacker's progress by design, rather than reactively responding to an attack only after its detection. Well-known active defense systems are honeypots. Honeypots are fake systems, designed to look like real production systems, aimed at trapping an attacker, and analyzing his attack strategy and goals. These types of systems suffer from a major weakness: it is extremely hard to design them in such a way that an attacker cannot distinguish them from a real production system. In this paper, we advocate that, instead of adding additional fake systems in the corporate network, the production systems themselves should be instrumented to provide active defense capabilities. This perspective to active defense allows containing costs and complexity, while at the same time provides the attacker with a more realistic-looking target, and gives the Incident Response Team more time to identify the attacker. The proposed proof-of-concept prototype system can be used to implement active defense in any corporate production network, with little upfront work, and little maintenance.

查看原文本刊更多论文

未来:积极防御的新架构

主动防御是一种流行的防御技术，它基于通过设计阻止攻击者前进的系统，而不是在检测到攻击后才对攻击做出反应。众所周知的主动防御系统是蜜罐。蜜罐是假的系统，设计成看起来像真实的生产系统，旨在捕获攻击者，并分析他的攻击策略和目标。这些类型的系统有一个主要的弱点:很难设计成攻击者无法将它们与真正的生产系统区分开来的方式。在本文中，我们主张不要在公司网络中添加额外的假系统，而应该对生产系统本身进行配置，以提供主动防御能力。这种主动防御的视角允许控制成本和复杂性，同时为攻击者提供了一个更真实的目标，并为事件响应团队提供了更多时间来识别攻击者。提出的概念验证原型系统可用于在任何企业生产网络中实现主动防御，前期工作很少，维护也很少。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense

自引率

0.00%

发文量