A New Method of Cyber Deception Defense

Published: 01 Jan 2024, Last Modified: 06 Nov 2025, ISCC 2024, CC BY-SA 4.0
Abstract: New network attacks such as Advanced Persistent Threats (APTs) have created an asymmetric dynamic between attackers and defenders. Traditional defense mechanisms typically focus on perimeter security, rendering them ineffective once attackers infiltrate the network. Cyber deception defense, on the other hand, proactively establishes a deceptive environment to manipulate attackers’ perceptions and decisions, thereby delaying, detecting, and potentially thwarting attacks. This paper introduces a novel approach rooted in cyber deception defense, utilizing FPGA technology. By harnessing network packet rewriting techniques on FPGA, this method rapidly generates numerous disguised hosts and ports. The implementation of this approach on an FPGA hardware platform allows for the evaluation of its effectiveness. In simulated environments, the method demonstrates remarkable efficiency in constructing deceptive environments, with a policy query time of approximately 50 ns. Transitioning to real-world network scenarios, the prototype system extends the time required for attackers to identify genuine hosts by a factor of 4.5. Moreover, the average delay time of the prototype system in processing 64-byte data packets is approximately 5.68 µs, showcasing consistent performance across various deception strategies. Crucially, the system’s overhead remains minimal, effectively confounding and deterring attackers while increasing the complexity and cost associated with mounting successful attacks.