Cyber Moat: Adaptive Virtualized Network Framework for Deception and Disinformation

Abstract

Short Work Statement The proposed research is to design and develop an adaptive cloaking, deception and disinformation infrastructure called Cyber Moat that protects a real system through cloaking it in a continuously morphing virtual network and serves disinformation (strategic misleading information) with a novel Decoy Master/Agent mechanism to provides high fidelity and convince the trapped attackers of their (false) success. They plan to achieve both deception and disinformation goals using the flexible virtualized network framework. The PI will also investigate the indistinguishable property of the decoy, as one of the measure for effectiveness of the system. Objective The goal of this project is to investigate the construction and efficacy of dynamically configured virtual decoys for protecting critical computing infrastructure, and projecting a mirage of a subnet for each single end-point. This mirage environment has dual use as either a mutating decoys for protecting the end-point or as an infrastructure to serve strategic deception and dis-information. Approach A network mirage can be created through emulating a network and hosts with only occasional and minor changes. Thus, strategic disinformation can be served to the trapped attackers and make them believe what we want them to believe. The effort for providing virtual indistinguishable properties for the mirage nodes can be very expensive, as each mirage node needs to function as a proper and active computing system. The PI proposes a decoy master/agent approach to defeat both fingerprinting-based and timing-based decoy detection techniques. Moreover, they propose to achieve a continuous morphing network topology through various aspects of the virtualized network components, including the addressing, network topology, routing, and access control. They will focus on studying the optimal combination of multiple dynamics and designing a dynamics manager to monitor and control various dynamics through a generalized communication interface. Overall Merit and ONR Mission/Relevance The program s overall objective is to protect the real system running on a host computer via mutable virtualized large-scale decoys. In moving target mode, CyberMoat prevents adversary from mapping and gaining information of our system, by presenting a continuously mutating environment. In deception mode, CyberMoat cam present a trap for the adversary to fall into and feed them with strategic deceptions. Providing dynamic decoys around critical Navy s computing infrastructure can enhance its ability to thwart cyber attack. Moreover, in conjunction with deception, the concept of cyber-decoy can also be use to disseminate strategic dis-information to mislead the attacker, while shielding the computing infrastructure against attack.

Document Details

Document Type

DoD Grant Award

Publication Date

Aug 08, 2016

Source ID

N000141512012

Entities

Tags