symbSODA: Configurable and Verifiable Orchestration Automation for Active Malware Deception
Abstract
Malware is commonly used by adversaries to compromise and infiltrate cyber systems in order to steal sensitive information or destroy critical assets. Active Cyber Deception (ACD) has emerged as an effective proactive cyber defense against malware: it misleads adversaries by presenting fake data and engages them in order to learn novel attack techniques. However, real-time malware deception is a complex and challenging task because (1) it requires a comprehensive understanding of malware behaviors at the technical and tactical levels in order to create the appropriate deception ploys and resources that can leverage this behavior and mislead malware, and (2) it requires configurable yet provably valid deception planning to guarantee effective and safe real-time deception orchestration.
Document Details
- Document Type: Pub Defense Publication
- Publication Date: Nov 13, 2023
- Source ID: 10.1145/3624568
Entities
People
- Basel Abdeen
- Ehab Al-Shaer
- Jinpeng Wei
- Latifur Khan
- Md Sajidul Islam Sajid
- Qi Duan
Organizations
- Army Research Office
- Carnegie Mellon University
- National Science Foundation
- Office of Naval Research
- Towson University
- University of North Carolina at Charlotte
- University of Texas at Dallas