A CONCEPTUAL MODEL OF THE ARCHITECTURE OF MULTI-COMPUTER SYSTEMS WITH DECOYS AND TRAPS FOR DETECTING AND COUNTERING MALWARE AND COMPUTER ATTACKS
DOI:
https://doi.org/10.32782/IT/2023-3-3Keywords:
deceptive systems; multicomputer systems; controller; malicious software; computer attacks.Abstract
The work analyzes such a class of systems for detecting and countering malicious software and computer attacks as deception systems. In such systems, functional systems of baits and traps are laid. And such systems are used in addition and compatible with the rest of the systems of the other direction to detect and counter malicious software and computer attacks. When operating corporate networks, various systems for detecting and countering malicious software and computer attacks are used. The main task for administrators of corporate networks is to ensure that the tools they use and their features are not known to attackers. The paper proposes a conceptual model of the architecture of multicomputer systems with decoys and traps for detecting and countering malicious software and computer attacks. The peculiarity of the proposed model is that it synthesizes the characteristic properties of this class of systems and a special characteristic property. This characteristic property is the controller of the system according to the decisions made in it. This is necessary so that systems of this class are unknown to attackers. This will make it possible to provide effective countermeasures against attackers who attempt to penetrate corporate networks using various methods and means. The paper proposes a method for calculating the efficiency of multicomputer systems of this class. Also, an experiment was set up for the developed system according to the proposed conceptual model. The results of the conducted experiment confirm the perspective of research in the direction of using the controller in multicomputer systems of baits and traps for the detection and countermeasures of malware and computer attacks. The direction of further research will be detailing the proposed conceptual model of the architecture of multicomputer systems to the level of typical elements and components and, accordingly, supplementing it with a display of the connections between them.
References
Zobal L. D. Kolář, R. Fujdiak. Current State of Honeypots and Deception Strategies in Cybersecurity. 11th International Congress on Ultra-Modern Telecommunications and Control Systems and Workshops (ICUMT). Dublin, Ireland, 2019. P. 1-9.
Almeshekah M.H., Spafford E.H. Cyber Security Deception. Cyber Deception. Springer, Cham, 2016.
Fraunhol D., Anton S.D., Lipps C., Reti D., Krohmer D., Pohl F., Tammen M., Schotten D. Demystifying Deception Technology: A Survey. arXiv:1804.06196v1 [cs.CR] 17 Apr 2018 1, 2.
Zielinski D., Kholidy H.A. An Analysis of Honeypots and their Impact as a Cyber Deception Tactic.arXiv:2301.00045v1.
Acosta, J.C., Basak, A., Kiekintveld, C., Kamhoua C. Lightweight On-Demand Honeypot Deployment for Cyber Deception. In: Gladyshev, P., Goel, S., James, J., Markowsky, G., Johnson, D. (eds) Digital Forensics and Cyber Crime. ICDF2C 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. Springer, Cham. 2019. Vol. 441. P. 1-18.
Anwar A.H., Kamhoua C.A., Leslie N.O., Kiekintveld C. Honeypot Allocation for Cyber Deception Under Uncertainty. IEEE Transactions on Network and Service Management. Sept. 2022. Vol. 19, no. 3, pp. 3438-3452.
Tsikerdekis M., Zeadally S., Schlesener A. Sklavos N., Approaches for Preventing Honeypot Detection and Compromise. 2018 Global Information Infrastructure and Networking Symposium (GIIS), Thessaloniki, Greece. 2018. P. 1-6.
Mphago B., Shedden M.D.M. Deception in Web Application Honeypots: Case of Glastopf. International Journal of Cyber-Security and Digital Forensics. 2017. Vol. 6: P. 179-185.
Sayed M.A., Anwar A.H., Kiekintveld C. Kamhoua C. Honeypot Allocation for Cyber Deception in Dynamic Tactical Networks: A Game Theoretic Approach. arXiv:2308.11817v2 [cs.GT] 5 Sep 2023.
Anwar A.H., Kamhoua C.A. Cyber Deception using Honeypot Allocation and Diversity: A Game Theoretic Approach. 2022 IEEE 19th Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA. 2022. P. 543-549.
Katakwar H., Aggarwal P., Maqbool Z. Front V.D. Influence of Network Size on Adversarial Decisions in a Deception Game Involving Honeypots. Front. Psychol., 25 September 2020 Sec. Cognition Volume 11, P. 1-13.
Çeker H., Zhuang J., Upadhyaya S., La Q.D. Soong, BH. Deception-Based Game Theoretical Approach to Mitigate DoS Attacks. Decision and Game Theory for Security. GameSec 2016. Lecture Notes in Computer Science. Springer, Cham. Vol 9996.
Huang L. Zhu Q. Duplicity Games for Deception Design With an Application to Insider Threat Mitigation. IEEE Transactions on Information Forensics and Security. 2021. Vol. 16, P. 4843-4856.
Anwar A.H., Zhu M., Z. Z., Cho J. -H., Kamhoua C. A., Singh M. P. Honeypot-Based Cyber Deception Against Malicious Reconnaissance via Hypergame Theory. GLOBECOM 2022 – 2022 IEEE Global Communications Conference, Rio de Janeiro, Brazil. 2022, P. 3393-3398.
Razali M.F., Razali M. N., Mansor F. Z., Muruti G., Jamil N. IoT Honeypot: A Review from Researcher’s Perspective,” 2018 IEEE Conference on Application, Information and Network Security (AINS), Langkawi, Malaysia. 2018. P. 93-98.
Priya V.S.D., Chakkaravarthy S.S. Containerized cloud-based honeypot deception for tracking attackers. Sci Rep 13. 2023. Vol. 1437
Sikos, L.F., Valli, C., Grojek, A.E. et al. CamDec: Advancing Axis P1435-LE video camera security using honeypot-based deception. J Comput Virol Hack Tech (2023). 2023.
Feng, M. et al. A Novel Deception Defense-Based Honeypot System for Power Grid Network. In: Qiu, M., Gai, K., Qiu, H. (eds) Smart Computing and Communication. SmartCom 2021. Lecture Notes in Computer Science. Springer, Cham. 2022. Vol. 13202.
Abe S., Tanaka Y., Uchida Y., Horata S. Developing Deception Network System with Traceback Honeypot in ICS Network. SICE Journal of Control, Measurement, and System Integration, 11:4. 2018. P. 372-379.
Wegerer M., Tjoa S. Defeating the Database Adversary Using Deception – A MySQL Database Honeypot. International Conference on Software Security and Assurance (ICSSA), Saint Pölten, Austria. 2016, P. 6-10.
URL: https://www.acalvio.com/product/ 04.09.2023
URL: https://www.countercraftsec.com/ 13.09.2023
URL: https://www.sentinelone.com/surfaces/identity/ 12.09.2023
URL:https://www.proofpoint.com/us/illusive-is-now-proofpoint 12.09.2023
URL: https://fidelissecurity.com/platforms/fidelis-deception/ 13.09.2023