Researchers Devise New Method of Intrusion Deception for SDN

  /     /     /  
Publicated : 23/11/2024   Category : security


Researchers Devise New Method of Intrusion Deception for SDN


Team from University of Missouri take wraps off Dolus, a system ‘defense using pretense’ which they say will help defend software-defined networking (SDN)



Researchers with University of Missouri hope to move the ball forward on cyber decepton technology with a new form of intrusion deception they designed specifically to help defend software-defined networking (SDN) cloud infrastructure.
Their system, called Dolus, was designed using pretense theory from child-play psychology and machine learning to fool attackers: giving them a false sense of success that buys defenders time to thwart DDoS and targeted attacks while collecting valuable threat intelligence in the process.
With the time gained through effective pretense initiation in the case of DDoS attacks, cloud service providers could coordinate across a unified (software defined everything Infrastructure) SDxI infrastructure involving multiple (autonomous systems) ASes to decide on policies that help in blocking the attack flows closer to the source side, they wrote in 
their research
.
This is a classic sales pitch for intrusion deception methods, which can vary in sophistication from simple honeypots or honey nets all the way up to fully simulated systems and environments.
Research lead Prasad Calyam, associate professor of electrical engineering and computer science and the director of Cyber Education and Research Initiative in the MU College of Engineering, says the difference with Dolus is that its more fully simulating an SDN environment in production.
Honepots - they were more like pre-deployments of applications - so before something goes live you do a lot of this resilience testing and then once things are live, you dont do much in terms of sophisticated defense, says Calyam, who believes more sophisticated forms of intrusion deception are under-explored.
The question is whether the market has already beaten Calyam and his cohort to the punch when it comes to evolving deception technology. Players like Cymmetria, TrapX, and Attivo are currently duking it out with commercial products moving in this direction, and a recent report from Market Insights Reports shows the market will grow by more than 15% annually through 2025.
So it’s no surprise that analysts like Rich Mogull and Adrian Lane of Securosis wonder whether this is much different than what practitioners already have access to on the market. 
Lane says hes highly skeptical from what hes seen skimming through the research. And Mogull notes that while he likes the concept of tricking attackers with deception, simply putting forward an advance using some social theory and AI/machine learning may not be enough to differentiate Dolus from existing deception products.
It isnt that hard to trick attackers, Mogull says, also noting that the DDoS defense for SDN may still have a very limited market. The market is somewhat limited to cloud providers. Very few enterprises are running SDN.
Calyam, however, believes that there is still room for the field to advance, and his teams next step is in exploring how to coordinate policies across providers software-defined infrastructure in order to provide a defense that helps the ecosystem improve defense. Theyre seeking a means of distributed trust, perhaps through the use of blockchain, to accomplish this.
Related Content:
Deception: Honey vs. Real Environments
The Difference Between Sandboxing, Honeypots & Security Deception
6 Ways to Anger Attackers on Your Network
 
 
 
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industrys most knowledgeable IT security experts. Check out the
Interop agenda
here.

Last News

▸ Making use of a homemade Android army ◂
Discovered: 23/12/2024
Category: security

▸ CryptoWall is more widespread but less lucrative than CryptoLocker. ◂
Discovered: 23/12/2024
Category: security

▸ Feds probe cyber breaches at JPMorgan, other banks. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Researchers Devise New Method of Intrusion Deception for SDN