DOI: 10.1145/3268966.3268971
Research article, public access

Ensuring Deception Consistency for FTP Services Hardened against Advanced Persistent Threats

Published: 15 January 2018

Abstract

As evidenced by numerous high-profile security incidents such as the Target data breach and the Equifax hack, APTs (Advanced Persistent Threats) can significantly compromise the trustworthiness of cyber space. This work explores how to improve the effectiveness of cyber deception in hardening FTP (File Transfer Protocol) services against APTs. The main objective of our work is to ensure deception consistency: when the attackers are trapped, they can only make observations that are consistent with what they have seen already so that they cannot recognize the deceptive environment. To achieve deception consistency, we use logic constraints to characterize an attacker's best knowledge (either positive, negative, or uncertain). When migrating the attacker's FTP connection into a contained environment, we use these logic constraints to instantiate a new FTP file system that is guaranteed free of inconsistency. We performed deception experiments with student participants who just completed a computer security course. Following the design of Turing tests, we find that the participants' chances of recognizing deceptive environments are close to random guesses. Our experiments also confirm the importance of observation consistency in identifying deception.
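
An illustrative sketch of the consistency idea described in the abstract, added here and not taken from the paper or its implementation. It records what an attacker has observed as positive and negative constraints (everything else is uncertain) and admits decoy files only where they contradict nothing. The names `AttackerKnowledge`, `observe`, `violations` and `instantiate`, the rule that a listed directory is fully known, and the sample paths are all assumptions.

```python
import posixpath
from dataclasses import dataclass, field

@dataclass
class AttackerKnowledge:
    exists: dict = field(default_factory=dict)  # positive: path -> size (None = dir/unknown)
    absent: set = field(default_factory=set)    # negative: paths the server reported missing
    closed: set = field(default_factory=set)    # directories whose full listing was seen

    def observe(self, cmd, path, reply):
        """Fold one logged FTP exchange into the constraint set."""
        if cmd == "LIST":                        # reply: {name: size}
            self.closed.add(path)
            self.exists.setdefault(path, None)
            for name, size in reply.items():
                self.exists[posixpath.join(path, name)] = size
        elif cmd in ("SIZE", "RETR"):            # reply: size, or None for a 550 error
            if reply is None:
                self.absent.add(path)
            else:
                self.exists[path] = reply

    def violations(self, fs):
        """List the constraints that a file system (path -> size) would break."""
        bad = [("positive", p) for p, s in self.exists.items()
               if p not in fs or (s is not None and fs[p] != s)]
        bad += [("negative", p) for p in self.absent if p in fs]
        bad += [("closed-listing", p) for p in fs
                if posixpath.dirname(p) in self.closed and p not in self.exists]
        return sorted(bad)

def instantiate(knowledge, decoys):
    """Keep everything already seen; add only decoys that contradict nothing."""
    fs = {p: (s if s is not None else 0) for p, s in knowledge.exists.items()}
    for path, size in decoys.items():
        trial = {**fs, path: size}
        if not knowledge.violations(trial):
            fs = trial
    return fs

def demo():
    # Constructed pre-migration session (sample values, not from the paper).
    k = AttackerKnowledge()
    k.observe("LIST", "/pub", {"readme.txt": 120, "tools.tar": 4096})
    k.observe("RETR", "/etc/shadow.bak", None)        # attacker saw "550 not found"
    k.observe("SIZE", "/home/alice/notes.txt", 77)
    decoys = {"/pub/passwords.xls": 900, "/etc/shadow.bak": 1, "/home/alice/vpn.conf": 300}
    return k, instantiate(k, decoys)
```

In the constructed session, only the decoy under `/home/alice` is admitted: `/pub` was fully listed and `/etc/shadow.bak` was already seen to be missing, so placing files there would expose the deception.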


    Published In

    MTD '18: Proceedings of the 5th ACM Workshop on Moving Target Defense
    October 2018
    96 pages
    ISBN: 9781450360036
    DOI: 10.1145/3268966

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. advanced persistent threat
    2. cyber deception
    3. deception consistency

    Qualifiers

    • Research-article

    Conference

    CCS '18

    Acceptance Rates

    MTD '18 Paper Acceptance Rate 5 of 5 submissions, 100%;
    Overall Acceptance Rate 40 of 92 submissions, 43%

    Cited By

    • (2023) DEFIA: Evaluate Defense Effectiveness by Fusing Behavior Information of Cyberattacks. Information Sciences (119375). DOI: 10.1016/j.ins.2023.119375. Online publication date: Jul-2023
    • (2023) Cyber expert feedback. Computers and Security 130:C. DOI: 10.1016/j.cose.2023.103268. Online publication date: 1-Jul-2023
    • (2022) SPM: A Novel Hierarchical Model for Evaluating the Effectiveness of Combined ACDs in a Blockchain-Based Cloud Environment. Applied Sciences 12:18 (9230). DOI: 10.3390/app12189230. Online publication date: 14-Sep-2022
    • (2021) FLEX-IoT: Secure and Resource-Efficient Network Boot System for Flexible-IoT Platform. Sensors 21:6 (2060). DOI: 10.3390/s21062060. Online publication date: 15-Mar-2021
    • (2021) A Cyber Deception Method Based on Container Identity Information Anonymity. IEICE Transactions on Information and Systems E104.D:6 (893-896). DOI: 10.1587/transinf.2020EDL8137. Online publication date: 1-Jun-2021
    • (2020) A Survey of Moving Target Defenses for Network Security. IEEE Communications Surveys & Tutorials 22:3 (1909-1941). DOI: 10.1109/COMST.2020.2982955. Online publication date: Nov-2021
    • (2020) An Intelligent Deployment Policy for Deception Resources Based on Reinforcement Learning. IEEE Access 8 (35792-35804). DOI: 10.1109/ACCESS.2020.2974786. Online publication date: 2020