A Flexible Testbed for Cyber Deception, Cyber Hardening, and Disinformation Research

Abstract

Cyberattacks on computer systems and networks are well known. Internet of Things (IoT), the physical devices that collect and share data via the Internet for real-time decision making to enhance consumer experience, improve patient care, or increase business efficiencies, are even more vulnerable to cyberattacks. Billions of IoT devices have been deployed and more are being deployed in consumer environments (e.g., smart lightbulbs and video doorbells), medical facilities (e.g., patient vital sign monitors), and industrial environments (e.g., sensors, actuators, and controllers used to manage the electric grid and other critical infrastructure). Securing IoT devices from cyberattacks is mostly an afterthought. Recent exploitations of IoT devices' vulnerabilities resulted in attacks that brought down the Internet in the Eastern region of the U.S. and caused extensive damage to critical infrastructures. Hardening a device or a network of devices controlled through the Internet to withstand cyberattacks requires an understanding of attack types and attacker capabilities. For this purpose, the tactics, techniques and procedures (TTPs) used, the network traffic generated by attacks, and the logs of system usage during attacks need to be captured and analyzed. A honeynet that mimics operational computer systems and networks creates cyber deception and captures such data. The goal of this project is to design and deploy a deception testbed that can be configured to mimic cyberinfrastructures ranging from advanced processing and networking systems to smart facilities such as homes, buildings, hospitals, and campuses that employ IoT devices. The proposed testbed is a multi-use security research platform with extensive macro- and micro-behavior data collection capability. The testbed will be implemented for multiple configurations to deploy traditional local area networks, IoT networks, and honeynets with intentional vulnerabilities to attract and analyze attacks.
The testbed will be instrumented to collect macro-behavior data (for example, network traffic, system calls, and input/output request packets and operations) of attacks and micro-behavior data (for example, electrical current, electromagnetic radiation, and microarchitectural level execution profile), since these are harder to mask during the attacks. The proposed testbed will provide a unique capability to observe malware in action and will facilitate significant new research on cyber hardening, cyber deception, attack identification, and prevention of intrusion and exfiltration of data from cyber systems of interest. The capability to test ideas and the datasets generated will benefit the learning experience of students. Hundreds of students will benefit from the class projects based on the testbed data. Scores of students will participate in the research based on the testbed. High school teachers in computer science and cybersecurity will be offered datasets from the testbed and example projects for their courses. The University of Texas at San Antonio (UTSA) is a majority-minority institution. The testbed-based research will be used to increase women and underrepresented minority students' participation in cybersecurity research.

Document Details

Document Type
DoD Grant Award
Publication Date
Jun 25, 2021
Source ID
W911NF2110188

Entities

People

  • Rajendra V. Boppana

Organizations

  • Army Contracting Command
  • Office of the Secretary of Defense
  • University of Texas at San Antonio

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Distributed Systems and Data Platform Development
  • Research Science/Academic Research

Technology Areas

  • 5G
  • 5G - Internet of Things
  • Cyber