EAGER: Exploring the Use of Deception to Enhance Cyber Security

EAGER：探索利用欺骗手段增强网络安全

• 批准号: 1548114
• 负责人: Eugene Spafford
• 金额: $ 18.23万
• 依托单位: Purdue University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-08-01 至 2018-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1548114&HistoricalAwards=false
• 关键词: EAGER; Exploring; Use; Deception; Enhance

Our computing systems are constantly under attack, by everyone from pranksters to agents of hostile nations. Many of those systems and networks make the task of the adversary easier by responding to attacks with useful information. This is because software and protocols have been written for decades to provide informative feedback for error detection and correction. It is precisely this behavior that enhances the chances of success by attackers, by allowing them to map networks and determine system flaws. This research addresses the question "Are there uses of deceptive responses that help prevent successful attacks?" Furthermore, the study investigates if it is possible to characterize and model the types of situations where deception may be useful. The result of this work provides cyber system designers with some new defensive measures, and guidance as to when they are useful to deploy.The project includes two related lines of research. The first of these is to explore some new applications of deceit in system defense. The researchers investigate presenting deceptive responses to attempts to exploit known vulnerabilities, and building a file system that "lies" about the creation and deletion of key files. Each of these mechanisms should support a system's security by providing early warning of bad behavior as well as blunting attacks. Deceitful responses to attacks can lead a perpetrator to employ ineffective attacks, thus wasting time and effort. A deceptive file system can capture forensic data about an attempted attack while only appearing to allow the installation of malicious files. The second line of research explores how to apply hypergame models to cyber defenses using deceptive techniques. Hypergames are an extension of game theory that includes incorrect and uncertain information. By constructing hypergame models we should be able to determine situations where there is a favorable result when deception is employed as a defense.

我们的计算机系统不断受到攻击，从恶作剧者到敌对国家的代理人。 这些系统和网络中的许多系统和网络通过利用有用的信息对攻击做出响应，使对手的任务变得更容易。 这是因为软件和协议已经编写了几十年，为错误检测和纠正提供信息反馈。 正是这种行为增加了攻击者成功的机会，使他们能够映射网络并确定系统缺陷。 这项研究解决了这样一个问题：“是否有欺骗性的反应，有助于防止成功的攻击？“此外，该研究调查了是否有可能描述和模拟欺骗可能有用的情况类型。这项工作的结果为网络系统设计者提供了一些新的防御措施，并指导他们何时部署。 其中第一个是探索欺骗在系统防御中的一些新应用。研究人员调查了对试图利用已知漏洞的欺骗性反应，并构建了一个关于创建和删除关键文件的“谎言”文件系统。 这些机制中的每一个都应该通过提供不良行为的早期警告以及钝化攻击来支持系统的安全性。 对攻击的欺骗性反应可能导致犯罪者使用无效的攻击，从而浪费时间和精力。 欺骗性文件系统可以捕获有关尝试攻击的取证数据，同时只允许安装恶意文件。 第二条研究路线探索如何将超博弈模型应用于使用欺骗性技术的网络防御。 超博弈是博弈论的一种扩展，它包含了不正确和不确定的信息。 通过构建超博弈模型，我们应该能够确定的情况下，有一个有利的结果时，欺骗作为一种防御。