Computer networks may never float like a butterfly, but Penn State information scientists suggest that creating nimble networks that can sense jabs from hackers could help deflect the stinging blows of those attacks.
“Because of the static nature of a computer network, the attacker has a time advantage,” said Dinghao Wu, assistant professor of information sciences and technology. “Hackers can spend a month, two months, six months or more just studying the network and finding vulnerabilities. When they return to use that information to attack, the network typically has not changed and those vulnerabilities are still there, too.”
The researchers, who release their findings at the Information Security Conference held in Honolulu today (Sept. 8), created a computer defense system that senses possible malicious probes of the network and then redirects that attack to a virtual network that offers little information about the real network.
Typically, the first step a hacker takes when attacking a network is a probe to gain information about the system — for example, what software types and versions, operating systems and hardware the network is running. Instead of trying to stop these hackers’ scans, researchers set up a detector to monitor incoming web traffic to determine when hackers are scanning the network.
“We can’t realistically stop all scanning activities, but we can usually tell when a malicious scan is happening,” said Wu. “If it’s a large-scale scan, it is usually malicious.”
Once a malicious scan is detected, the researchers use a network device — called a reflector — to redirect that traffic to a decoy, or shadow network, according to Li Wang, a doctoral candidate in information sciences and technology, who worked with Wu. The shadow network is isolated and invisible from the real network, but can mimic the structure of a physical network to fool the hackers into believing they are receiving information about an actual network.
“A typical strategy would be to create a shadow network environment that has the same look as the protection domain,” said Wang. “It can have the same number of nodes, network topology and configurations to fool the hacker. These shadow networks can be created to simulate complex network structures.”
The system, which is a type of defense known in the computer industry as a moving target defense, also gives network administrators the option to more easily change parts of the shadow network’s virtual system, making it even more difficult for hackers to assess the success of their scans.
Because the reflector can act as a regular network device when no malicious attacks are present, there should be little effect on the real network’s performance and functionality, according to Wu.
The researchers created a prototype for the system and tested it on a simulated network that runs on a computer — a virtual local area network. This allowed them to simulate both the attack and defense without using an actual network. The prototype was able to sense the incoming scan and deflect it to a shadow network.
According to the researchers, the information that was gathered from the attack scan only produced information from the shadow network.
Wu said the next step is to deploy the system in an actual network.
The Latest on: Moving target defense
via Google News
The Latest on: Moving target defense
- Patriot Missile Problems? It Looks Like America's Missile Defense Didn't Work Against Iranon March 23, 2020 at 2:56 pm
can destroy targets moving twice as fast and can be mounted for action in five minutes, compared with an hour for a Patriot battery. ... Russia pairs its S-400s with the smaller Pantsir-S1 system, to ...
- Jalen Mills says he’s “going to be playing the same position” that Malcolm Jenkins played in the Eagles’ defenseon March 23, 2020 at 12:02 pm
The Philadelphia Eagles took on a big challenge last week when they announced their decision to move on from Malcolm Jenkins. Replacing such an indispensable player is no easy task. So, how will the ...
- If the Redskins decide that trading back makes sense, Grant Delpit instantly becomes a viable target.on March 22, 2020 at 9:00 am
The question moving forward is how can he develop in this regard, to rely on him right now as a last line of defense will be hard to do. This flaw can significantly hinder a good player like Delpit ...
- IT systems and inspections: A moving targeton March 19, 2020 at 8:37 am
Anniston Army Depot's Directorate of Information Management is inspected by multiple commands for many different reasons. As the network has grown, so have the scopes of focus for the various ...
- NFL free agency: Free agents Jack Del Rio might want to target for Redskins defenseon March 13, 2020 at 9:36 am
For new Redskins defensive coordinator Jack Del Rio, it's possible one free agent target already got swallowed up ... Will they be ready to compensate either Cooper or Jones the way they want to be?
- RunSafe Security: Lockheed Martin Ventures And NextGen Venture Partners Invest $3.5 Millionon March 7, 2020 at 4:00 pm
RunSafe’s platform Alkemist is known for inoculating software binaries using runtime application self-protection (RASP) and moving-target defense (MTD) methods. This reduces risks by making each ...
- Lockheed Martin Ventures and NextGen Venture Partners Invest in RunSafe Securityon March 5, 2020 at 1:00 am
RunSafe's patented platform, Alkemist ®, inoculates software binaries using runtime application self-protection (RASP) and moving-target defense (MTD) methods. This significantly reduces risks by ...
- Report: Hackers target defense contractors, telecomson March 4, 2020 at 7:24 am
"What we've observed is them actively targeting defense industrial base, members of the military who are moving into civilian jobs, and using that transitional point to target individuals, get access ...
- Report: Hackers target telecoms, defense contractorson March 3, 2020 at 2:56 pm
"What we've observed is them actively targeting defense industrial base, members of the military who are moving into civilian jobs, and using that transitional point to target individuals ...
via Bing News