Researchers try pretence to beat cyberattacks
You can buy time by making it look like they’re succeeding. Samantha Page reports.
Computer scientists are looking at new ways to deter cyberattacks by giving the attackers false hope.
A team led by Prasad Calyam from the University of Missouri, US, has designed a system it says can dupe attackers into thinking they are making progress, giving targets more time to respond and thwart Distributed Denial of Service (DDoS) attacks and Advanced Persistent Threats (APTs).
The system quarantines the attacker, allowing more time to respond.
“The quarantine is a decoy that behaves very similar to the real compromised target to keep the attacker assuming that the attack is still succeeding,” says Calyam. “In a typical cyberattack, the more deeply attackers go in the system, the more they have the ability to go many directions.
“It becomes like a Whack-A-Mole game for those defending the system. Our strategy simply changes the game, but makes the attackers think they are being successful.”
The researchers report on their work in a paper published in the journal Future Generation Computer Systems.
They use a strategy from psychology known as pretence. In their paper, they recap a psychological study of pretence. If a child is shown a picture of a dog, but it quacks like a duck, the child will protest. But if the picture looks like a duck (but is not) and quacks like a duck, the child will not protest until the child realises they have been tricked.
Their system – called Dolus after the Greek god of trickery – detects attacks and uses “artificial intelligence techniques” to mislead the attacker into thinking the attack is working and to delay the “protest” – in this case, altering the attack.
The design redirects attacking users to a virtual machine – a kind of replica of the target that “mimics” the behaviour of the target site or system. It also alerts the operators, while allowing normal users, such as customers and accounts, to continue.
“Such a strategy is aimed at preventing the disruption of cloud-hosted services (i.e., loss of availability) and/or the exfiltration of data (i.e., loss of confidentiality) by deceiving the attacker through creation of a false sense of success, and by allowing the attacker to believe that a high-value target has been impacted or that high-value data has been accessed or obtained,” they write.
“We are using machine learning techniques that require minimal to no human intervention to effectively detect and defend against data and resource exfiltration attacks within small-to-large scale enterprise networks,” Calyam adds. “We are interested in the targeted attacks where the attacker is trying to exploit data or critical infrastructure resources, such as blocking data access, tampering facts or stealing data.
“Attackers are trying to use people’s compromised resources to infiltrate their data without their knowledge, and these attacks are becoming increasingly significant because attackers are realising they can make money in a big way like never before.”
Protecting against cyberattack is becoming increasingly critical as more information is stored in the cloud. The World Economic Forum says cyberattacks are one of the top five risks to society for 2019.
Both financial and personal information have been stolen in recent years, and a partner of management consultants McKinsey & Company recently warned that cyberattacks could cost lives.