Phan The Duy, Hien Do Hoang, Nghi Hoang Khoa, Do Thi Thu Hien, V. Pham
2022 21st International Symposium on Communications and Information Technologies (ISCIT), published 2022-09-27
DOI: 10.1109/ISCIT55906.2022.9931208 (https://doi.org/10.1109/ISCIT55906.2022.9931208)
Citations: 1
Fool Your Enemies: Enable Cyber Deception and Moving Target Defense for Intrusion Detection in SDN
The adoption of deception technology, constructed to throw stealthy attackers off real assets and gather intelligence about how they operate, is gaining ground in network systems. Some static honeypots are also deployed in network systems to attract adversaries and keep them from accessing the real targets. This leads to disclosure of the existence of cyber traps in the network, which do not fool skillful attackers. Meanwhile, many intrusion detection systems (IDS) lack the abnormal traffic samples needed to obtain knowledge of cyberattacks. Hence, it is vital to make honeypots more dynamic and to provide material for harvesting useful threat intelligence for the detector. Taking advantage of Software Defined Networking (SDN), cyber traps can be easily deployed when an intrusion detector triggers, or actively laid in advance, to mitigate the impact of adversaries on real assets. Instead of building an IDS separately or blocking attacks promptly after an alert is issued, in this paper we use the strategy of associating Cyber Deception and Moving Target Defense (MTD) with IDS in SDN, named FoolYE (Fool your enemies), to slow a network intruder down and leverage the behaviors of adversaries on traps to feed back into detector awareness.