DocumentCode :
3735309
Title :
Computer network deception as a Moving Target Defense
Author :
Vincent E. Urias;William M.S. Stout;Caleb Loverro
Author_Institution :
Sandia National Laboratories, Albuquerque, New Mexico, USA
fYear :
2015
Firstpage :
1
Lastpage :
6
Abstract :
Computer Network Defense (CND) has traditionally been provided using reactionary tools such as signature-based detectors, white/blacklisting, intrusion detection/protection systems, etc. While event detection/correlation techniques may identify threats - those threats are then dealt with manually, often employing obstruction-based responses (e.g., blocking). Literature has shown that as threat sophistication grows, perimeter-planted security efforts are ineffective in combating competent adversaries; malicious actors are already seated behind enterprise defenses, navigating the controls. We have developed a novel approach to CND: the Deception Environment. Under the Deception Environment framework, we have created a live, unpredictable, and adaptable deception network leveraging virtualization/cloud technology, software defined networking, introspection and analytics. The environment not only provides the means to identify and contain the threat, but also facilitates the ability to study, understand, and develop protections against sophisticated adversaries. Its extensibility has enabled us to explore its application as a Moving Target Defense (MTD).
Keywords :
"Virtual machining","Cloning","Monitoring","Software defined networking","Virtualization","Cloud computing"
Publisher :
ieee
Conference_Titel :
Security Technology (ICCST), 2015 International Carnahan Conference on
Print_ISBN :
978-1-4799-8690-3
Electronic_ISBN :
2153-0742
Type :
conf
DOI :
10.1109/CCST.2015.7389665
Filename :
7389665
Link To Document :
بازگشت