Deceiving the Deceivers: Active Counterdeception for Software Protection
Small Business Information
421 SW Sixth, Suite 300, Portland, OR, -
AbstractDoD operations and infrastructure increasingly depends on software, which makes it an attractive target for our adversaries. Not surprisingly, deception plays a central role in most cyberattacks. To better protect these critical systems, we propose to design and build an"active counterdeception"software protection system which we call CYCHAIR that both incorporates the right sensors, and enables the right mind-set for its operators. CYCHAIR consists of two complimentary technologies. The first piece the ability to easily generate large numbers of reusable, extensible and highly reconfigurable decoys. These decoys serve multiple purposes: first of all, they serve to increase the adversary"s workload while confusing them as to the manner and location of the real targets. Secondly, they serve as intelligence gatherers, recording all the adversarial interactions. These records are fed to the second piece of the system, an inference engine we call LAIR (Logic for Adversarial Inference and Response). These inferences can be used to automatically trigger dynamic reconfiguration of the decoys (to further frustrate and slow down the adversary), and used as recommendations to the human-in-the-loop for additional active responses to the attack.
* information listed above is at the time of submission.