Researchers strive to make it more difficult for attackers to know when a system starts to detect and deceive a bad actor – ScienceDaily




Can you deceive a deceiver? This is the question that computer scientists from Binghamton University and the New York State University have recently explored.

Assistant professor of computer science Guanhua Yan and PhD student Zhan Shu are studying how to make cyber-deception a more effective tool against malicious hackers.

Their study was inspired by the 2013 data breach at Target, which affected 41 million consumers and cost $18.5 million, and by the 2017 Equifax hack, which exposed the personal information of 147.7 million Americans. Both incidents can be classified as Advanced Persistent Threats (APTs).

Yan and Shu wanted to improve the way hackers are countered when they try APTs, so they focused on refining existing cyber-deception tools.

Cyber-deception is a sensitive technique that places malicious hackers in a false environment as soon as the system detects ongoing hacking.

In the summary of the study, the researchers wrote that "the main objective of our work is to ensure the consistency of deception: when the attackers are trapped, they can only make observations consistent with what they have already seen so as not to be able to recognize the deceptive environment."

They found that focusing solely on showing attackers what had been seen before increases the efficiency of deception.

"The problem is that sometimes, cyber-fraud uses what are called 'lies' that are easily recognizable by the attacker. Once the fraud is carried out, the attacker can adjust and bypass this form of protection," Yan said.

Yan and Shu's deception consistency method was tested on students who had recently completed a course on cybersecurity. The students were asked to behave like malicious hackers, some of them in a deceptive environment.

The researchers found that because the deceptive environment was what students had seen before, most did not realize that they had gone into deception.

"It was clear that most students simply guessed whether they had entered the deceptive environment or not – they could not really tell the difference when we used our consistent model," Yan said.

While the consistency of deception may make it more difficult for APT attackers to recognize deception, the researchers made it clear that the proposed method was not a panacea for things like what happened to Target and Equifax.

"This may not stand up to more advanced attacks, but we will continue to improve the efficiency of deception-based methods against various attack scenarios," Yan said.

Yan and Shu have published "Ensuring Consistency of Deception for Enhanced FTP Services Against Persistent Advanced Threats" in the recent work of the 5th ACM Mobile Target Defense Workshop.

Source of the story:

Material provided by Binghamton University. Note: Content can be changed for style and length.
