
Software Deception as a Countermeasure to Attacks on Software Protection Systems


TECHNOLOGY AREAS: Information Systems

OBJECTIVE:  Develop innovative countermeasures to attacks on critical software using software decoys and deception.

DESCRIPTION: The effective use of deception in traditional warfare dates back thousands of years [1]. Most notably, its effective use has been demonstrated in World War II [2] and Operation Desert Storm [1]. However, research on the use of software decoys and deception as a defensive mechanism in software protection systems is currently limited. There are a number of possible reasons for this. First, deceptive techniques do not (by themselves) provide secure systems, since they often depend on the mindset of the adversary, which is either not known or not well modeled. Second, deception techniques are often viewed as ‘single use’ technology, since once the deception is exposed that particular deceptive technique can no longer be used in the same scenario. Third, software decoys often cannot be generalized and require tailoring by subject matter experts to make them indistinguishable from the legitimate applications that are the target of attack. Software deception [3] has, therefore, become a highly underutilized tactic in an overall strategy to defeat cyber attacks by providing a layered defense.

To remedy the disadvantages noted above, we desire to develop a software deception strategy and architecture, with techniques that can measurably increase the effectiveness of software protection systems with statistical significance. This topic will contribute to an overall plan to understand the adversary’s strategies and tactics in order to build real-time adaptive software protection systems. Components of the plan include inferring adversarial intent to determine the purpose of the attack; extracting adversarial reasoning to determine our opponents’ goals and strategy in order to predict their ‘next move’; and the use of deception for tactical advantages, including attack misdirection and avoidance. Research areas of interest include, but are not limited to, the use of deception for (1) adversarial intent, (2) adversarial reasoning [4], (3) attacker attribution, (4) attack avoidance/delay, and (5) intelligence gathering.

PHASE I: 1) Develop a strategy and architecture using software decoys and deception as a countermeasure to attacks on critical software and data. 2) Develop a concept for building individual software decoys and deceptive techniques that will plug into the overall system, and design one or more individual decoys or deceptive techniques. 3) Develop metrics and a strategy for measuring the effectiveness of the proposed decoys and/or deceptive techniques. 4) Produce a detailed research report outlining the design and architecture of the system, as well as the advantages and disadvantages of the proposed approach.

PHASE II: 1) Based on the results from Phase I, design and implement a fully functioning prototype solution. 2) Provide test and evaluation results that demonstrate the effectiveness of individual software deception techniques and decoys, as well as the effectiveness of the overall system. 3) Develop a final report describing the strategy, architecture, and the design and development of individual decoys or deceptive techniques.

PHASE III DUAL-USE APPLICATIONS:  The technology developed under this research topic will mitigate the risk of attack on software protection systems and lead to mission assurance.  DoD applications that will benefit from this technology include a wide range of embedded systems, such as weapons systems, avionics, communications, and sensor systems.   Commercial applications include insider threat attribution, communication systems, SCADA systems, and other high-value targets, such as banking systems.  As a result, this technology is vital for both the DoD and commercial organizations.
