Computer networks may never float like a butterfly, but Penn State information scientists suggest that creating nimble networks that can sense jabs from hackers could help deflect the stinging blows of those attacks.
“Because of the static nature of a computer network, the attacker has a time advantage,” said Dinghao Wu, assistant professor of information sciences and technology. “Hackers can spend a month, two months, six months or more just studying the network and finding vulnerabilities. When they return to use that information to attack, the network typically has not changed and those vulnerabilities are still there, too.”
The researchers, who release their findings at the Information Security Conference held in Honolulu today (Sept. 8), created a computer defense system that senses possible malicious probes of the network and then redirects that attack to a virtual network that offers little information about the real network.
Typically, the first step a hacker takes when attacking a network is a probe to gain information about the system — for example, what software types and versions, operating systems and hardware the network is running. Instead of trying to stop these hackers’ scans, researchers set up a detector to monitor incoming web traffic to determine when hackers are scanning the network.
“We can’t realistically stop all scanning activities, but we can usually tell when a malicious scan is happening,” said Wu. “If it’s a large-scale scan, it is usually malicious.”
Once a malicious scan is detected, the researchers use a network device — called a reflector — to redirect that traffic to a decoy, or shadow network, according to Li Wang, a doctoral candidate in information sciences and technology, who worked with Wu. The shadow network is isolated and invisible from the real network, but can mimic the structure of a physical network to fool the hackers into believing they are receiving information about an actual network.
“A typical strategy would be to create a shadow network environment that has the same look as the protection domain,” said Wang. “It can have the same number of nodes, network topology and configurations to fool the hacker. These shadow networks can be created to simulate complex network structures.”
The system, which is a type of defense known in the computer industry as a moving target defense, also gives network administrators the option to more easily change parts of the shadow network’s virtual system, making it even more difficult for hackers to assess the success of their scans.
Because the reflector can act as a regular network device when no malicious attacks are present, there should be little effect on the real network’s performance and functionality, according to Wu.
The researchers created a prototype for the system and tested it on a simulated network that runs on a computer — a virtual local area network. This allowed them to simulate both the attack and defense without using an actual network. The prototype was able to sense the incoming scan and deflect it to a shadow network.
According to the researchers, the information that was gathered from the attack scan only produced information from the shadow network.
Wu said the next step is to deploy the system in an actual network.
The Latest on: Moving target defense
via Google News
The Latest on: Moving target defense
- NFL Mock Draft: Detroit Lions will likely target defense in first round on December 19, 2018 at 7:05 am
so take these picks as moving targets. Most boards have the Lions going after a pass rusher or defensive back. SB Nation: Greedy Williams, CB, LSU: It’s clear the Lions need to add playmakers on defen... […]
- Polyverse - Moving Target Defense on March 10, 2018 at 6:44 am
Polyverse is a Linux and application security provider serving a number of local clients in the Seattle, WA area as well as throughout the world. Polyverse Polymorphic Linux randomizes and hardens ope... […]
- Moving Target Defense: A Digital Shell Game on November 29, 2017 at 5:02 am
Businesses hate uncertainty. So do their security teams, which is why IT infrastructure at most companies is static, predictable and manageable. Unfortunately, that also makes it a playground for atta... […]
- Moving Target Defense on November 24, 2017 at 1:31 am
Imagine you’re walking into your first job in tech — ever. Crossing that border between a master’s program in computer science and real-world experience. Not really knowing what to expect, you’re shy… ... […]
- Network defense that moves the attacker's target on October 30, 2017 at 11:59 am
Cryptonite’s CryptoniteNXT, which launched Oct. 26, is based on research funded by the Defense and Homeland Security departments into Moving Target Defense, which DHS defines as a way to increase comp... […]
- CryptoMove protects sensitive data by fragmenting it and moving it around on September 19, 2017 at 2:11 pm
But the moving target defense strategy is something new when it comes to storing data. The idea is that a hacker can study your infrastructure and slowly find a way to get into your servers. By consta... […]
- Polyverse Announces Moving Target Defense Suite for Container Environments on June 28, 2017 at 6:11 am
KIRKLAND, Wash.--(BUSINESS WIRE)--Polyverse Corporation, an emerging leader in the fields of DevOps and IoT security, today announced that its Moving Target Defense Suite is available for Docker and K... […]
- Using deception technologies to thwart attacks and reveal targets on January 27, 2017 at 2:24 pm
Take back control The Department of Homeland Security defines Moving Target Defense as "the concept of controlling change across multiple system dimensions in order to increase uncertainty and apparen... […]
- Anti-ROP: A Moving Target Defense on September 1, 2016 at 3:51 am
The recent announcement by Intel and Microsoft about their plans to use control-flow enforcement technology (CET) has some experts waving farewell to return-oriented programming (ROP) attacks. But oth... […]
via Bing News