[Defense] Cyber Deception against Adversarial Reconnaissance in Enterprise Network using Semi-Indistinguishable Honeypot

Thursday, April 4, 2024

10:00 am - 11:30 am

In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy
Shanto Roy

will defend his dissertation
Cyber Deception against Adversarial Reconnaissance in Enterprise Network using Semi-Indistinguishable Honeypot


Abstract

Cyber deception involves deliberately misleading attackers within a network to thwart their malicious activities, often by presenting them with false information or decoy assets. It is essential for defending enterprise networks as it helps mitigate potential damage and minimize the impact of successful attacks. This dissertation addresses two significant issues in cyber deception: (1) most honeypots can be detected and avoided by adversaries, and (2) the absence of effective human evaluation in current literature to measure deception capability. While previous works explored honeypot-based deception strategies, very few have deployed their systems in real life, considered detection avoidance by attackers, and evaluated their systems with human attackers. As such, there is no standard evaluation strategy for measuring the efficiency of honeypot-based deception systems. To fill the research gaps, our work proposes a new deception system named DARSH (Deceive Adversaries through Redirection to Semi-Indistinguishable Honeypot Web Servers), which employs a semi-indistinguishable honeypot to deceive attackers and protect sensitive information. A semi-indistinguishable honeypot mimics the services and configurations of a real server while hiding sensitive information via content modification. DARSH is a multi-layer approach that redirects attackers to the honeypot, which has the same network configuration as the original server. To hide sensitive information at the application layer, DARSH clones the application server with sensitive information obfuscated. We extensively evaluate our work in three steps: technical evaluation, human evaluation, and case study. First, we prove the effectiveness of deceiving attackers’ reconnaissance by examining the tool outputs during technical evaluation. Then, through human evaluation, we show that participants with academic or professional-level cyber security knowledge cannot distinguish the honeypot from a real server. Finally, case studies reveal that advanced pen testers cannot detect the presence of the honeypot while employing existing honeypot detection techniques, including fingerprinting and timing analysis.


Thursday, April 4, 2024
10:00 AM - 11:30 AM CT

PGH 501B

Dr. Omprakash Gnawali, dissertation advisor

Faculty, students, and the general public are invited.

Location
Room 501B, Philip Guthrie Hoffman Hall (PGH), 3551 Cullen Blvd, Houston, TX 77204, USA