EAGER: Exploring the Use of Deception to Enhance Cyber Security

EAGER：探索利用欺骗手段增强网络安全

• 批准号: 1548114
• 负责人: Eugene Spafford
• 金额: $ 18.23万
• 依托单位: Purdue University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-08-01 至 2018-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1548114&HistoricalAwards=false
• 关键词: EAGER; Exploring; Use; Deception; Enhance

Our computing systems are constantly under attack, by everyone from pranksters to agents of hostile nations. Many of those systems and networks make the task of the adversary easier by responding to attacks with useful information. This is because software and protocols have been written for decades to provide informative feedback for error detection and correction. It is precisely this behavior that enhances the chances of success by attackers, by allowing them to map networks and determine system flaws. This research addresses the question "Are there uses of deceptive responses that help prevent successful attacks?" Furthermore, the study investigates if it is possible to characterize and model the types of situations where deception may be useful. The result of this work provides cyber system designers with some new defensive measures, and guidance as to when they are useful to deploy.The project includes two related lines of research. The first of these is to explore some new applications of deceit in system defense. The researchers investigate presenting deceptive responses to attempts to exploit known vulnerabilities, and building a file system that "lies" about the creation and deletion of key files. Each of these mechanisms should support a system's security by providing early warning of bad behavior as well as blunting attacks. Deceitful responses to attacks can lead a perpetrator to employ ineffective attacks, thus wasting time and effort. A deceptive file system can capture forensic data about an attempted attack while only appearing to allow the installation of malicious files. The second line of research explores how to apply hypergame models to cyber defenses using deceptive techniques. Hypergames are an extension of game theory that includes incorrect and uncertain information. By constructing hypergame models we should be able to determine situations where there is a favorable result when deception is employed as a defense.

从恶作剧者到敌对国家的代理商，我们的计算系统一直受到攻击。 这些系统和网络中的许多人通过使用有用的信息来响应攻击，使对手的任务更加容易。 这是因为已经编写了数十年的软件和协议，以提供有用的反馈以进行错误检测和纠正。 正是这种行为通过允许攻击者映射网络并确定系统缺陷来增强攻击者成功的机会。 这项研究解决了一个问题：“是否有欺骗性反应有助于防止成功攻击？” 此外，该研究还研究了是否有可能表征和建模欺骗可能有用的情况的类型。这项工作的结果为网络系统设计师提供了一些新的防御措施，并为部署有用的指导提供了指导。该项目包括两个相关的研究行。 其中首先是探索在系统防御中欺骗的一些新应用。研究人员调查了对试图利用已知漏洞的尝试的欺骗性响应，并构建了一个“存在”关键文件创建和删除的文件系统。 这些机制中的每一个都应通过提供不良行为的预警和钝性攻击来支持系统的安全性。 对攻击的欺骗性反应会导致犯罪者采用无效的攻击，从而浪费时间和精力。 欺骗性文件系统可以捕获有关未遂攻击的法医数据，同时仅出现以安装恶意文件。 第二线研究探讨了如何使用欺骗性技术将超级游戏模型应用于网络防御。 超级游戏是游戏理论的扩展，其中包括不正确和不确定的信息。 通过构建超级游戏模型，我们应该能够确定当采用欺骗作为防御的情况下会产生有利结果的情况。