Publications / Conference Poster

Computer network deception as a Moving Target Defense

Urias, Vincent U.; Stout, William M.S.; Loverro, Caleb

Computer Network Defense (CND) has traditionally been provided using reactionary tools such as signature-based detectors, white/blacklisting, intrusion detection/protection systems, etc. While event detection/correlation techniques may identify threats, those threats are then dealt with manually, often employing obstruction-based responses (e.g., blocking). Literature has shown that as threat sophistication grows, perimeter-planted security efforts are ineffective in combating competent adversaries; malicious actors are already seated behind enterprise defenses, navigating the controls. We have developed a novel approach to CND: the Deception Environment. Under the Deception Environment framework, we have created a live, unpredictable, and adaptable deception network leveraging virtualization/cloud technology, software-defined networking, introspection and analytics. The environment not only provides the means to identify and contain the threat, but also facilitates the ability to study, understand, and develop protections against sophisticated adversaries. Its extensibility has enabled us to explore its application as a Moving Target Defense (MTD).