About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
HICSS 2021
Conference paper
Software deception steering through version emulation
Abstract
Determined cyber adversaries often strategize their attacks by carefully selecting high-value target machines that host insecure (e.g., unpatched) legacy software. In this paper, we propose a moving-target approach to thwart and countersurveil such adversaries, wherein live (non-decoy) enterprise software services are automatically modified to deceptively emulate vulnerable legacy versions that entice attackers. A game-theoretic framework chooses which emulated software stacks, versions, configurations, and vulnerabilities yield the best defensive payoffs and most useful threat data given a specific attack model. The results show that effective movement strategies can be computed to account for pragmatic aspects of deception, such as the utility of various intelligence-gathering actions, impact of vulnerabilities, performance costs of patch deployment, complexity of exploits, and attacker profile.