Computer networks may never float like a butterfly, but Penn State information scientists suggest that creating nimble networks that can sense jabs from hackers could help deflect the stinging blows of those attacks.
“Because of the static nature of a computer network, the attacker has a time advantage,” said Dinghao Wu, assistant professor of information sciences and technology. “Hackers can spend a month, two months, six months or more just studying the network and finding vulnerabilities. When they return to use that information to attack, the network typically has not changed and those vulnerabilities are still there, too.”
The researchers, who release their findings at the Information Security Conference held in Honolulu today (Sept. 8), created a computer defense system that senses possible malicious probes of the network and then redirects that attack to a virtual network that offers little information about the real network.
Typically, the first step a hacker takes when attacking a network is a probe to gain information about the system — for example, what software types and versions, operating systems and hardware the network is running. Instead of trying to stop these hackers’ scans, researchers set up a detector to monitor incoming web traffic to determine when hackers are scanning the network.
“We can’t realistically stop all scanning activities, but we can usually tell when a malicious scan is happening,” said Wu. “If it’s a large-scale scan, it is usually malicious.”
Once a malicious scan is detected, the researchers use a network device — called a reflector — to redirect that traffic to a decoy, or shadow network, according to Li Wang, a doctoral candidate in information sciences and technology, who worked with Wu. The shadow network is isolated and invisible from the real network, but can mimic the structure of a physical network to fool the hackers into believing they are receiving information about an actual network.
“A typical strategy would be to create a shadow network environment that has the same look as the protection domain,” said Wang. “It can have the same number of nodes, network topology and configurations to fool the hacker. These shadow networks can be created to simulate complex network structures.”
The system, which is a type of defense known in the computer industry as a moving target defense, also gives network administrators the option to more easily change parts of the shadow network’s virtual system, making it even more difficult for hackers to assess the success of their scans.
Because the reflector can act as a regular network device when no malicious attacks are present, there should be little effect on the real network’s performance and functionality, according to Wu.
The researchers created a prototype for the system and tested it on a simulated network that runs on a computer — a virtual local area network. This allowed them to simulate both the attack and defense without using an actual network. The prototype was able to sense the incoming scan and deflect it to a shadow network.
According to the researchers, the information that was gathered from the attack scan only produced information from the shadow network.
Wu said the next step is to deploy the system in an actual network.
The Latest on: Moving target defense
via Google News
The Latest on: Moving target defense
- Morgan Stanley Boosts Analog Devices (NASDAQ:ADI) Price Target to $108.00on November 30, 2019 at 5:13 pm
Analog Devices (NASDAQ:ADI) had its target price upped by Morgan Stanley from $100.00 to $108.00 in a report ... Analog Devices has a 52 week low of $80.08 and a 52 week high of $124.79. The firm has ...
- Here Is What Really Happened With That Mysterious Washington D.C. Air Defense Scareon November 29, 2019 at 5:28 pm
Before we begin, one must understand that the Washington D.C. Air Defense Identification Zone (ADIZ ... Beyond that, MH-65 Dolphin helicopters at Reagan National Airport stand alert to intercept any ...
- Inside the frantic response to mysterious ‘slow-moving blob’ flying over Washingtonon November 28, 2019 at 2:10 am
The mysterious “slow-moving blob” detected in the skies over Washington prompted a frantic response ... to scramble jets in an effort to prevent a possible attack especially if they don’t have a ...
- Leonard Fournette, DJ Chark Keep Jaguars' Offensive Movingon November 27, 2019 at 6:48 am
Of course, much of the Buccaneers' current defense has very little history with Foles ... shook off two early interceptions to record his sixth straight 300-yard passing game in a 35-22 victory.
- Mysterious Airspace Violation That Triggered D.C. Lockdowns Highlights Air Defense Challengeson November 26, 2019 at 6:41 pm
This helicopter also operates at times from a separate site at Reagan National Airport. The MH-65, among its missions in the area, is on call to specifically to intercept low-and-slow moving targets.
- CryptoMove Announces Their Chrome Browser Extension to Protect Passwords and Other Confidential Information Online with Moving Target Defenseon August 27, 2019 at 6:02 am
OAKLAND, Calif., Aug. 27, 2019 /PRNewswire/ -- VMworld-- CryptoMove, the only cloud-native key vault and secrets management SaaS platform to provide moving target defense for microservices and ...
- Three reasons why moving target defense needs to be a priority in any cybersecurity ctrategyon July 17, 2019 at 8:06 am
The vicious cycle of imbalance between cyber attackers and defenders seems never-ending. Defenders continue to develop and implement new tools to prevent, detect, monitor and remediate cyber threats ...
- 3 reasons why moving target defense must be a priorityon June 9, 2019 at 5:00 pm
But a concept, originally conceived by the Department of Homeland Security, is creating a new paradigm in cyber defense that can for the first time potentially shift the power to the defenders for ...
- Newest Social Capital Board Partner Program Member Michael Roytman Joins CryptoMove Board As Moving Target Data Protection Startup Accelerates Growthon March 20, 2019 at 5:56 am
OAKLAND, Calif., March 20, 2019 /PRNewswire/ -- CryptoMove, the only cloud-native key vault and secrets management platform to provide moving target defense for microservices and multi-cloud, ...
via Bing News