1.
Albert Brzeczko, A. Selcuk Uluagac, Raheem Beyah, John Copeland
Active deception model for securing cloud infrastructure Conference Paper
In the proceedings of IEEE Conference on Computer Communications Workshops (INFOCOM), 2014.
Tags: Cloud Security, Honeypot/Honeynet
@conference{BrzeczkoActiveIEEE2014,
title = {Active deception model for securing cloud infrastructure},
author = {Albert Brzeczko and A. Selcuk Uluagac and Raheem Beyah and John Copeland},
url = {https://ieeexplore.ieee.org/abstract/document/6849288/},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
booktitle = {In the proceedings of IEEE Conference on Computer Communications Workshops (INFOCOM)},
abstract = {The proliferation of cloud computing over the past several years has led to a variety of new use cases and enabling technologies for enterprise and consumer applications. Increased reliance on cloud-based platforms has also necessitated an increased emphasis on securing the services and data hosted within those platforms. From a security standpoint, an advantage of cloud platforms over traditional production networks is that they have a dynamic, mutable structure that can change as a result of a variety of factors, so reconnaissance on the part of an attacker is far less predictable. In this work, we propose a novel technique that leverages the amorphous nature of cloud architectures to deceive and redirect potential intruders with decoy assets implanted among production hosts. In this way, attackers encounter and probe decoys that lead them to reveal their motives and cause them to be less likely to compromise their intended target, particularly once they have revealed their tactics against decoy assets. We show that our technique, after having been exposed to live traffic for approximately one month, detected 1,255 highly malicious hosts and was able to divert 97.5% of malicious traffic from these hosts. This traffic would have otherwise reached production hosts and potentially led to compromise.},
keywords = {Cloud Security, Honeypot/Honeynet},
pubstate = {published},
tppubtype = {conference}
}