kfupm.edu.sa
Web Deception towards Moving Target Defense
Basirudin Djamaluddin
Ahmed Alnazeer
Farag Azzedin
52nd Annual IEEE Carnahan Conference on Security Technology – Montreal October 22-25, 2018
25-October-2018
Web Application And Its Risks
King Fahd University of Petroleum & Minerals
• Web Application Risks¹:
  • Publicly exposed and may contain sensitive information, which makes it attractive to adversaries
  • May contain vulnerabilities that expose it to cyber-security threats
• Known Techniques To Overcome Cyber-Security Threats
  • Mechanisms to expose the vulnerabilities before the adversaries do:
    • Black-box: running a vulnerability scan and analyzing the output²
    • White-box: analyzing the source code (static) and rewriting the code at the binary level³
  • Securely developing the application itself, analysis/testing and runtime protection⁴, i.e. following the requirements of the Open Web Application Security Project (OWASP)⁵
1. M. Taguinod, et al., “Toward a Moving Target Defense for Web Applications,” Proc. - 2015 IEEE 16th Int. Conf. Inf. Reuse Integr. IRI 2015, 2015.
2. A. Doupé, et al, “Enemy of the State: A State-Aware Black-Box Vulnerability Scanner.” 2012.
3. A. Doupé, et al, “deDacota: Toward Preventing Server-side XSS via Automatic Code and Data Separation,” 2013
4. X. Li and Y. Xue, “A survey on server-side approaches to securing web applications,” ACM Comput. Surv., vol. 46, no. 4, pp. 1–29, 2014.
5. https://www.owasp.org/index.php/Main_Page
Web Application And Its Risks (cont.)
• Challenges:
  • Static analysis is not suitable as a long-running defense strategy: adversaries can observe the web application, gain insight into it to find new vulnerabilities or defeat the detection mechanism, and then launch new attacks through the newly identified attack vectors¹,²
  • Modern tools, as advanced security techniques, have a weakness: they work reactively, and as a result they may fail to capture the objective behind the adversaries' attack³
Static analysis and reactive defense systems cannot fully overcome cyber-attacks; in fact, they may add complexity for the defender without delivering the expected positive results in the end.
A proactive implementation that enhances flexibility and makes the attack surface more dynamic moves the complexity to the attackers.
1. M. Taguinod, et al., “Toward a Moving Target Defense for Web Applications,” Proc. - 2015 IEEE 16th Int. Conf. Inf. Reuse Integr. IRI 2015, 2015.
2. D. Evans, et al., “Effectiveness of Moving Target Defenses,” in Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, 2011
3. V. E. Urias, et al., “Computer network deception as a Moving Target Defense,” Proc. - Int. Carnahan Conf. Secur. Technol., vol. 2015–Janua, 2016.
Proactive and Dynamic Defense Approach – Deception
• Known techniques have limitations and cannot provide a comprehensive solution against Internet threats; this has driven research on stopping attacks at the very beginning and warning the users¹
• Deception is one of the defender's cyber-security solutions for overcoming the aforementioned limitations, and it has recently attracted security researchers¹,²
• Deception works by creating a fake target to deceive the attacker, such as a honeypot: a system designed to lure the attacker, whose value lies in being compromised, and which is built and configured to look vulnerable to adversaries, while an attack on it causes no loss to the main system³
1. X. Han, et al., “Evaluation of Deception-Based Web Attacks Detection,” Proc. 2017 Work. Mov. Target Def. - MTD ’17, pp. 65–73, 2017.
2. M. Almeshekah, et al., “The case of using negative (deceiving) information in data protection,”, 2014.
3. C. De Faveri and A. Moreira, “A SPL Framework for Adaptive Deception-based Defense,” vol. 9, pp. 5542–5551, 2018.
Weakness: a honeypot only sees the attacks that hit it, and there is no way to make the honeypot act as the main system if the main system is attacked.
On the other hand, if the attackers keep attacking the honeypots, the defenders can use this as a countermeasure against the attackers¹
Proactive and Dynamic Defense Approach – Moving Target Defense (MTD)
• Increase the complexity of cyber-attacks (for the adversaries) by making the system less homogeneous, less static and less deterministic, which makes the attack surface more dynamic
• Examples:
  • In the network: changing the network topology (e.g. random port numbers, extra open or closed ports, or even fake listening ports).
  • In the application: changing the application environment, the application type and version, and routing requests through different hosts.
Applying MTD increases the protection level and reduces the asymmetric advantage that the attacker has.
MTD in Web Application¹
• Two important factors for MTD implementation in a web application:
  • When-to-move?
  • What-to-move?
• What will be the possible targets that the adversaries will attack? With this information the requirements can be divided into 4 specific layers:
  • Logic Layer
  • Storage Layer
  • Presentation Layer
  • Browsers
1. M. Taguinod, et al., “Toward a Moving Target Defense for Web Applications,” Proc. - 2015 IEEE 16th Int. Conf. Inf. Reuse Integr. IRI 2015, pp. 510–517
MTD in Web Application (cont.)
• What-to-move – Web application layers for MTD:
  • Logic Layer
    • Switch the web application from one implementation language to another (e.g. from Python to PHP). Objective: confuse the attacker and increase the complexity of the attack, since the languages are structured differently and the attacker must fingerprint to learn which language is in use
    • Prevent in-memory attacks (lowest-level language: assembly)
  • Storage Layer
    • The main attack is SQL injection, which requires fingerprinting to identify the SQL database.
    • Strategy: jump between two databases that use different SQL statements, and apply proper sanitization to both input and output.
  • Presentation Layer
    • Objective: avoid direct threats in the presentation layer, such as Cross-Site Scripting (XSS).
    • Mechanism: generate random tokens to add complexity for the adversaries
Problem Statements
Static Web Deception
If adversaries successfully attack the main web application instead of the deception environment, the defender has no countermeasure against them.
Limited Diversification
• Proactive MTD can be achieved by redirecting incoming web traffic to a nonstandard web port and rotating the active web server that serves the incoming traffic¹.
• This rotation of the web application, which is based only on port rotation, can be enhanced by adding more diversification layers: logical and storage
1. M. Thompson, et al. "Dynamic Application Rotation Environment for Moving Target Defense." Resilience Week (RWS), 2016. IEEE, 2016.
Related Works
• Moving deception towards MTD at the higher network level¹
  • Within the Deception Network model, an MTD is proposed that is based on entire network enclaves as well as host attributes, characteristics and files. Rather than using the second network to contain the threat, it is used to hide the defender.
• Dynamic Application Rotation Environment for Moving Target Defense (DARE MTD)²
  • A proactive MTD that redirects incoming web traffic to a nonstandard web port and rotates the active web server that will serve the incoming traffic.
  • It succeeds in achieving its goals of increasing uncertainty and resilience.
• Proposal of a complete MTD in web applications with multiple diversifications³
  • Proposes a complete MTD in the web application with diversification in four layers: logical, storage, presentation and browser.
  • Implements logical-layer diversification by creating a translator from Python to PHP
  • Implements storage diversification by translating between the MySQL and PostgreSQL dialects
1. V. E. Urias, et al., “Computer network deception as a Moving Target Defense,” Proc. - Int. Carnahan Conf. Secur. Technol., vol. 2015–Janua, 2016.
2. M. Thompson, et al. "Dynamic Application Rotation Environment for Moving Target Defense." Resilience Week (RWS), 2016. IEEE, 2016.
3. M. Taguinod, et al., “Toward a Moving Target Defense for Web Applications,” Proc. - 2015 IEEE 16th Int. Conf. Inf. Reuse Integr. IRI 2015, 2015.
Our Proposal
Approach, Implementation and Evaluation
Approach: Combining Web Deception and MTD
• Deception Environment
  • Provides a fake implementation with a look and feel similar to the real system, to attract the adversary
  • The environment is built to be close to one of the MTD implementations
• Multi-Layer MTD Implementation in the Real System
  • Dynamic configuration that routes to one of two web servers (only one is up at a time) every 30 seconds¹
  • Each web server is set up with two web sites, each with a different application environment (diversity in the logical layer). This is an alternative to the source-code diversity suggested by Taguinod et al., and it resolves the static application implementation in DARE by Thompson et al.
  • Two database applications are provided dynamically, of which only one is up at a time (rotated dynamically) and to which the active application connects. This is a novel MTD approach proposed in our implementation.
MTD Tool
We developed a small application, the MTD Tool, which makes sure that the MTD happens in each layer
1. M. Thompson, et al. "Dynamic Application Rotation Environment for Moving Target Defense." Resilience Week (RWS), 2016. IEEE, 2016.
MTD Tool Operation Algorithm
Flowchart steps:
• MTD Tool starts
• Wait for 30 seconds
• Reconfigure the Director to direct to the next active server
• Reconfigure the next active server to the next active database
• Stop the active server and database and start the next active ones
Results
Mitigate known/unknown vulnerabilities by reducing the amount of time the active platform is exposed
Final Outcomes
1. Increase uncertainty for the attackers
2. Increase defensive system resilience by reducing the downtime
Measurement:
1. How much did we succeed in reducing the likelihood of exploitation?
2. How far has the impact of a successful exploit been reduced?
3. Do we still maintain application availability?
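The rotation loop from the flowchart, as an added simulation that is not the authors' MTD Tool: it replays the steps on a virtual clock and derives the exposure figures that the Measurement questions ask about. The class and function names, the round-robin policy, the MariaDB/MongoDB pair and the bring-up of the first pair at t=0 are assumptions; the 30-second interval and ports 81, 82 and 8080 come from the slides.

```python
from dataclasses import dataclass, field
from itertools import cycle
from typing import Optional

ROTATION_INTERVAL = 30              # seconds between moves (from the slides)
WEB_PORTS = (81, 82, 8080)          # backend ports named in the evaluation slides
DATABASES = ("MariaDB", "MongoDB")  # assumed pair; names taken from the MTD Stack slide


@dataclass
class MtdTool:
    """Hypothetical controller that only records what a real tool would do."""
    director_target: Optional[int] = None   # port the port-80 director forwards to
    active_db: Optional[str] = None
    actions: list = field(default_factory=list)   # audit trail: (t, action, web, db)

    def __post_init__(self):
        # Assumed policy: plain round-robin over each layer.
        self._webs = cycle(WEB_PORTS)
        self._dbs = cycle(DATABASES)

    def rotate(self, now):
        """One pass through the flowchart, in the order the slide lists the steps."""
        old_web, old_db = self.director_target, self.active_db
        new_web, new_db = next(self._webs), next(self._dbs)
        self.actions.append((now, "director", new_web, None))    # repoint director
        self.actions.append((now, "bind-db", new_web, new_db))   # server -> next database
        if old_web is not None:
            self.actions.append((now, "stop", old_web, old_db))  # stop the active pair
        self.actions.append((now, "start", new_web, new_db))     # start the next pair
        self.director_target, self.active_db = new_web, new_db
        return new_web, new_db


def simulate(duration_s, interval=ROTATION_INTERVAL):
    """Drive the tool with a virtual clock (no sleeping, no real services).

    Assumption: the first pair is brought up at t=0. Returns the tool and a
    timeline of exposure windows (start, end, web_port, db).
    """
    tool, timeline = MtdTool(), []
    for start in range(0, duration_s, interval):
        web, db = tool.rotate(start)
        timeline.append((start, min(start + interval, duration_s), web, db))
    return tool, timeline


def exposure_share(timeline):
    """Fraction of the observed time during which each web port was the live target."""
    total = sum(end - start for start, end, _, _ in timeline)
    seconds = {}
    for start, end, web, _ in timeline:
        seconds[web] = seconds.get(web, 0) + (end - start)
    return {web: s / total for web, s in seconds.items()}


def longest_window(timeline):
    """Longest uninterrupted time any single (web, db) pair stayed exposed."""
    longest, run, prev = 0, 0, None
    for start, end, web, db in timeline:
        run = run + (end - start) if (web, db) == prev else end - start
        longest, prev = max(longest, run), (web, db)
    return longest


def seen_during(timeline, scan_start, scan_len):
    """Distinct (web_port, db) pairs that were live at some point during a scan."""
    scan_end = scan_start + scan_len
    return {(web, db) for start, end, web, db in timeline
            if start < scan_end and end > scan_start}


if __name__ == "__main__":
    tool, timeline = simulate(180)   # 180 s = one full cycle of 3 sites x 2 databases
    for row in timeline:
        print("%3d-%3ds  web :%-4d  db %s" % row)
    print("share per port:", exposure_share(timeline))
    print("longest window:", longest_window(timeline), "s")
    # 147.63 s is the average Nmap run time reported in the deck.
    print("pairs met by a 147.63 s scan:", len(seen_during(timeline, 0, 147.63)))
```

The audit trail keeps the slide's step order, in which the director is repointed before the next pair is started; the availability question in the Measurement list depends on how long that gap lasts.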
Implementation
[Figure: implementation architecture. Labels: Web Deception (IIS/ASP.NET port 83), Database (MySQL), Attackers, MTDTool]
MTD Stack
1. PHP, which is set up on both IIS and Apache, will confuse the attackers about the real identity of the running host server
2. MariaDB may suffer from an SQL injection vector. This will confuse the attacker when the reconnaissance result does not match the MongoDB database that is actually active
Performance Evaluation – Web Deception
• Web Deception Fingerprinting and Vulnerability Scan
  • Fingerprinting with Nmap shows adversaries that two ports are open on the server, 83 and 80: the former is the deception, while the latter is only a director (no application runs on it) for the real applications under MTD.
  • A vulnerability penetration test using Acunetix reports two high-severity vulnerabilities and five medium-severity ones, which we expect will attract the attacker to exploit further (the objective of deception). Furthermore, this attacker behavior can be used for further investigation.
Severity High Medium Low
Vulnerabilities 2 5 N/A
Performance Evaluation – Individual Sites (Non MTD)
• Individual Primary Web Application Fingerprinting
  • For simplicity, the director (port 80) is pointed at port 81 (IIS with ASP.NET), which runs on top of a MySQL database, and each individual application connects to MySQL
Findings:
1. Nmap cannot fingerprint MongoDB
2. Expectation: when MTD runs, each of the applications should be fingerprinted in a fair share of 33%. However, we cannot expect this for the database.
Performance Evaluation – Individual Sites (Non MTD)
• Individual Primary Web Application Vulnerability Scans
  • For simplicity, the director (port 80) is pointed at port 81 (IIS with ASP.NET), which runs on top of a MySQL database, and each individual application connects to MySQL
  • Vulnerability scan results using Acunetix:
Port 80 81 82 8080
SQL Injection Related 2 2 0 0
IIS Related 0 1 1 0
Cross Site Scripting 0 0 3 3
Medium Severity 7 7 8 9
Low Severity 3 3 3 3
High Risk Alert Level 3 – Vulnerabilities categorized as the most dangerous, which put the scan target at maximum risk for hacking and data theft.
Medium Risk Alert Level 2 – Vulnerabilities caused by server misconfiguration and site-coding flaws, which facilitate server disruption and intrusion.
Low Risk Alert Level 1 – Vulnerabilities derived from lack of encryption of data traffic or directory path disclosures.
https://www.acunetix.com/support/docs/wvs/analyzing-scan-results/
Performance Evaluation – MTD Fingerprinting
• Fingerprinting was run against port 80 while the MTDTool was running (system in MTD state), using Nmap for 10 trials:
Trial Time (Secs) Port (81 / 82 / 8080) MySQL
1 202.41 1 0
2 54.77 1 0
3 100.15 1 0
4 46.32 1 1
5 61.9 1 0
6 204.1 1 1
7 202.09 1 0
8 203.22 1 1
9 198.67 1 0
10 202.67 1 0
Findings:
1. The fingerprinting scan took more time than normal, with an average of 147.63 seconds
Performance Evaluation – MTD Vulnerability Scan
The result of the vulnerability scan against port 80 (the MTD director) after the MTD was started is as follows: no high-severity vulnerabilities were detected among the average of 42.33 vulnerabilities discovered. The remaining, lower-severity vulnerabilities are: 21.67 medium, 5.2 low and 15.5 informational.
Trial Time (Secs) Total High Medium Low Informational
1 375 13 0 7 3 3
2 136 12 0 2 4 6
3 146 13 0 2 4 7
4 49 19 0 13 3 3
5 47 13 0 6 3 4
6 885 184 0 100 14 70
Avg 273 42.33 0 21.67 5.2 15.5
Future Works and Conclusions
• This paper implements the first step towards improving the previous MTD implementation by Thompson et al. (DARE MTD), and it has proved that the running MTD gave promising results on the fingerprint and vulnerability scans.
• Further improvements are required to make the MTD implementation robust and ready for production use:
  • High availability for one complete stateful application across the MTD servers
  • Database synchronization between the MTD database servers
• The application-level implementation, which is easier to achieve from an implementation point of view (although it requires high resources), can be enhanced to make the adversaries' reconnaissance process more complex, by switching the language at the lower level (automatically, with a language conversion engine to assist the MTD)
Conclusions
1. Proposed a novel approach to enhance DARE MTD and provided an alternative for logical and database diversity, with a working MTD that uses multiple web servers, web application languages and databases
2. It is proven that the implementation has increased the complexity of the fingerprint and vulnerability scans, which were only able to fingerprint 2 of 3 MTD ports and 1 database
3. The MTD also proved to “remove” the high severity vulnerabilities.
References
[1] M. Taguinod, A. Doupe, Z. Zhao, and G. J. Ahn, “Toward a Moving Target Defense for Web Applications,” Proc. - 2015 IEEE 16th Int. Conf. Inf. Reuse Integr. IRI 2015, pp. 510–517, 2015.
[2] A. Doupé, L. Cavedon, C. Kruegel, and G. Vigna, “Enemy of the State: A State-Aware Black-Box Vulnerability Scanner.” 2012.
[3] A. Doupé, W. Cui, M. H. Jakubowski, M. Peinado, C. Kruegel, and G. Vigna, “deDacota: Toward Preventing Server-side XSS via Automatic Code and Data Separation,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, 2013, pp. 1205–1216.
[4] D. Evans, A. Nguyen-Tuong, and J. Knight, “Effectiveness of Moving Target Defenses,” in Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, Eds. New York, NY: Springer New York, 2011, pp. 29–48.
[5] C. De Faveri and A. Moreira, “A SPL Framework for Adaptive Deception-based Defense,” vol. 9, pp. 5542–5551, 2018.
[6] V. E. Urias, W. M. S. Stout, and C. Loverro, “Computer network deception as a Moving Target Defense,” Proc. - Int. Carnahan Conf. Secur. Technol., vol. 2015–Janua, 2016.
[7] X. Li and Y. Xue, “A survey on server-side approaches to securing web applications,” ACM Comput. Surv., vol. 46, no. 4, pp. 1–29, 2014.
[8] X. Han, N. Kheir, and D. Balzarotti, “Evaluation of Deception-Based Web Attacks Detection,” Proc. 2017 Work. Mov. Target Def. - MTD ’17, pp. 65–73, 2017.
[9] S. Jajodia, A. Ghosh, V. Swarup, C. Wang, and X. Wang, Moving Target Defense. Springer, 2011.
[10] J. H. Jafarian, E. Al-Shaer, and Q. Duan, “Openflow random host mutation: transparent moving target defense using software defined networking,” Proceedings of the first workshop on Hot topics in software defined networks. ACM, 2012.
[11] D. Evans, A. Nguyen-Tuong, and J. Knight, Effectiveness of Moving Target Defenses. Springer, 2011, pp. 29–48.
[12] R. Zhuang, S. Zhang, S. A. DeLoach, X. Ou, and A. Singhal, “Simulation-based Approaches to Studying Effectiveness of Moving-Target Network Defense,” in National Symposium on Moving Target Research, June 2012.
[13] M. Almeshekah, M. Atallah, and E. Spafford, “The case of using negative (deceiving) information in data protection,” Proc. 2014 CERIAS '14 Proceedings of the 15th Annual Information Security Symposium, Article no. 45, 2014.
[14] M. Thompson, et al., “Dynamic Application Rotation Environment for Moving Target Defense,” Resilience Week (RWS), 2016. IEEE, 2016.
Thank you!
Question? E-mail to:
Basirudin Djamaluddin
Ahmed Alnazeer
Farag Azzedin
g201601060@kfupm.edu.sa
g201406320@kfupm.edu.sa
fazzedin@kfupm.edu.sa

Principles and risk assessment of managing distributed ontologies hosted by e...Principles and risk assessment of managing distributed ontologies hosted by e...
Principles and risk assessment of managing distributed ontologies hosted by e...
FAST-Lab. Factory Automation Systems and Technologies Laboratory, Tampere University of Technology
 
IRJET - Cross-Site Scripting on Banking Application and Mitigating Attack usi...
IRJET - Cross-Site Scripting on Banking Application and Mitigating Attack usi...IRJET - Cross-Site Scripting on Banking Application and Mitigating Attack usi...
IRJET - Cross-Site Scripting on Banking Application and Mitigating Attack usi...
IRJET Journal
 

Similar to Deception towards Moving Target Defense (20)

apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...
apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...
apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...
 
MITRE ATT&CK framework and Managed XDR Position Paper
MITRE ATT&CK framework and Managed XDR Position PaperMITRE ATT&CK framework and Managed XDR Position Paper
MITRE ATT&CK framework and Managed XDR Position Paper
 
Experimental analysis of intrusion detection systems using machine learning a...
Experimental analysis of intrusion detection systems using machine learning a...Experimental analysis of intrusion detection systems using machine learning a...
Experimental analysis of intrusion detection systems using machine learning a...
 
Trust Metric-Based Anomaly Detection Via Deep Deterministic Policy Gradient R...
Trust Metric-Based Anomaly Detection Via Deep Deterministic Policy Gradient R...Trust Metric-Based Anomaly Detection Via Deep Deterministic Policy Gradient R...
Trust Metric-Based Anomaly Detection Via Deep Deterministic Policy Gradient R...
 
Trust Metric-Based Anomaly Detection via Deep Deterministic Policy Gradient R...
Trust Metric-Based Anomaly Detection via Deep Deterministic Policy Gradient R...Trust Metric-Based Anomaly Detection via Deep Deterministic Policy Gradient R...
Trust Metric-Based Anomaly Detection via Deep Deterministic Policy Gradient R...
 
Cloud computing security- critical infrastructures
Cloud computing security- critical infrastructuresCloud computing security- critical infrastructures
Cloud computing security- critical infrastructures
 
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- 	  Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- 	  Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
 
[DSC Adria 23]Goran Gvozden Threat-Informed Defense-Boosting Cybersecurity Aw...
[DSC Adria 23]Goran Gvozden Threat-Informed Defense-Boosting Cybersecurity Aw...[DSC Adria 23]Goran Gvozden Threat-Informed Defense-Boosting Cybersecurity Aw...
[DSC Adria 23]Goran Gvozden Threat-Informed Defense-Boosting Cybersecurity Aw...
 
Advanced persistent threat (apt) & data centric audit and protection (dacp)
Advanced persistent threat (apt) & data centric audit and protection (dacp)Advanced persistent threat (apt) & data centric audit and protection (dacp)
Advanced persistent threat (apt) & data centric audit and protection (dacp)
 
IRJET- Multimedia Content Security with Random Key Generation Approach in...
IRJET-  	  Multimedia Content Security with Random Key Generation Approach in...IRJET-  	  Multimedia Content Security with Random Key Generation Approach in...
IRJET- Multimedia Content Security with Random Key Generation Approach in...
 
MSc (Computer Science) - Academic Proposal, May 2009 - Shaon Diwakar
MSc (Computer Science) - Academic Proposal, May 2009 - Shaon DiwakarMSc (Computer Science) - Academic Proposal, May 2009 - Shaon Diwakar
MSc (Computer Science) - Academic Proposal, May 2009 - Shaon Diwakar
 
Survey on cloud computing security techniques
Survey on cloud computing security techniquesSurvey on cloud computing security techniques
Survey on cloud computing security techniques
 
Defending Man In The Middle Attacks
Defending Man In The Middle AttacksDefending Man In The Middle Attacks
Defending Man In The Middle Attacks
 
4.report (cryptography & computer network)
4.report (cryptography & computer network)4.report (cryptography & computer network)
4.report (cryptography & computer network)
 
Cyber Attack Detection and protection using machine learning algorithm
Cyber Attack Detection and protection using machine  learning algorithmCyber Attack Detection and protection using machine  learning algorithm
Cyber Attack Detection and protection using machine learning algorithm
 
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
 
Survey on cloud computing security techniques
Survey on cloud computing security techniquesSurvey on cloud computing security techniques
Survey on cloud computing security techniques
 
Principles and risk assessment of managing distributed ontologies hosted by e...
Principles and risk assessment of managing distributed ontologies hosted by e...Principles and risk assessment of managing distributed ontologies hosted by e...
Principles and risk assessment of managing distributed ontologies hosted by e...
 
IRJET - Cross-Site Scripting on Banking Application and Mitigating Attack usi...
IRJET - Cross-Site Scripting on Banking Application and Mitigating Attack usi...IRJET - Cross-Site Scripting on Banking Application and Mitigating Attack usi...
IRJET - Cross-Site Scripting on Banking Application and Mitigating Attack usi...
 

Recently uploaded

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 

Recently uploaded (20)

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 

Deception towards Moving Target Defense

  • 1. Web Deception towards Moving Target Defense
      Basirudin Djamaluddin, Ahmed Alnazeer, Farag Azzedin (kfupm.edu.sa)
      52nd Annual IEEE Carnahan Conference on Security Technology – Montreal, October 22-25, 2018
      25-October-2018
  • 2. Web Application And Its Risks
      King Fahd University of Petroleum & Minerals (kfupm.edu.sa)
      • Web application risks [1]:
          • Publicly exposed and may contain sensitive information, which makes them attractive to adversaries
          • They may contain vulnerabilities that leave them open to cyber-security threats.
      • Known techniques to overcome cyber-security threats:
          • Mechanisms to expose the vulnerabilities before the adversaries do:
              • Black-box: running a vulnerability scan and analyzing the output [2]
              • White-box: analyzing the source code (static) and rewriting the code at the binary level [3]
          • Securely developing the application itself, analysis/testing and runtime protection [4], i.e. following the requirements of the Open Web Application Security Project (OWASP) [5]
      References:
      1. M. Taguinod, et al., “Toward a Moving Target Defense for Web Applications,” Proc. - 2015 IEEE 16th Int. Conf. Inf. Reuse Integr. IRI 2015, 2015.
      2. A. Doupé, et al., “Enemy of the State: A State-Aware Black-Box Vulnerability Scanner,” 2012.
      3. A. Doupé, et al., “deDacota: Toward Preventing Server-side XSS via Automatic Code and Data Separation,” 2013.
      4. X. Li and Y. Xue, “A survey on server-side approaches to securing web applications,” ACM Comput. Surv., vol. 46, no. 4, pp. 1–29, 2014.
      5. https://www.owasp.org/index.php/Main_Page
  • 3. Web Application And Its Risks (cont.)
      • Challenges:
          • Static analysis, however, is not suitable as a long-running defense strategy: adversaries can observe the web application, gain insight into it to find new vulnerabilities or defeat the detection mechanism, and then launch new attacks through the newly identified attack vectors [1,2]
          • Modern tools, as advanced security techniques, have a weakness: they work reactively, and as a result they may fail to capture the objective behind the adversaries' attack [3]
      Static analysis and reactive defense systems cannot fully overcome cyber-attacks; in fact, they may add complexity for the defender without delivering the expected positive results in the end. A proactive implementation that enhances flexibility and makes the attack surface more dynamic moves the complexity to the attackers.
      References:
      1. M. Taguinod, et al., “Toward a Moving Target Defense for Web Applications,” Proc. - 2015 IEEE 16th Int. Conf. Inf. Reuse Integr. IRI 2015, 2015.
      2. D. Evans, et al., “Effectiveness of Moving Target Defenses,” in Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, 2011.
      3. V. E. Urias, et al., “Computer network deception as a Moving Target Defense,” Proc. - Int. Carnahan Conf. Secur. Technol., vol. 2015–Janua, 2016.
  • 4. Proactive and Dynamic Defense Approach – Deception
      • Known techniques have limitations and cannot provide a comprehensive solution against Internet threats; this has driven research on stopping attacks at the very beginning and warning the users [1]
      • Deception is one of the defender's cyber-security solutions for overcoming the aforementioned limitations, and it has recently attracted security researchers [1,2].
      • Deception works by creating a fake target to deceive the attacker, such as a honeypot, which is designed to lure the attacker, where its value is already compromised, and which is built and configured to look vulnerable to adversaries; if it is attacked, it causes no loss to the main system [3]
      Weakness: a honeypot only sees the attacks that hit it, and there is no way to make the honeypot act as the main system if the main system is attacked. On the other hand, if the attackers keep attacking the honeypots, the defenders can use them as a countermeasure against the attackers [1]
      References:
      1. X. Han, et al., “Evaluation of Deception-Based Web Attacks Detection,” Proc. 2017 Work. Mov. Target Def. - MTD ’17, pp. 65–73, 2017.
      2. M. Almeshekah, et al., “The case of using negative (deceiving) information in data protection,” 2014.
      3. C. De Faveri and A. Moreira, “A SPL Framework for Adaptive Deception-based Defense,” vol. 9, pp. 5542–5551, 2018.
  • 5. Proactive and Dynamic Defense Approach – Moving Target Defense (MTD)
      • Increase the complexity of cyber-attacks (for the adversaries) by making the system less homogeneous, less static and less deterministic, which makes the attack surface more dynamic
      • Examples:
          • In the network, by changing the network topology (i.e. random port numbers, extra open or closed ports, or even fake listening ports).
          • In the application, by changing the application environment, the application type and version, and finally by routing them through different hosts.
      By applying MTD, the protection level is increased and the asymmetric advantage that the attacker has is reduced.
  • 6. MTD in Web Application [1]
      • Two important factors for MTD implementation in a web application:
          • When-to-move?
          • What-to-move?
      • What will be the possible targets that the adversaries will attack? With this information the requirements can be divided into 4 specific layers:
          • Logic Layer
          • Storage Layer
          • Presentation Layer
          • Browsers
      References:
      1. M. Taguinod, et al., “Toward a Moving Target Defense for Web Applications,” Proc. - 2015 IEEE 16th Int. Conf. Inf. Reuse Integr. IRI 2015, pp. 510–517.
  • 7. MTD in Web Application (cont.)
      • What-to-move – web application layers for MTD:
          • Logic Layer
              • Change the web application from one language to another (i.e. from Python to PHP). Objective: confuse the attacker and increase the complexity of the attack through the different structure of the language, which requires fingerprinting to identify the language
              • Prevent in-memory attacks (lowest language – assembly)
          • Storage Layer
              • The main attack will be SQL injection, which requires fingerprinting to identify the SQL database.
              • Strategy: jump between two databases that have different SQL statements. Also apply proper sanitization to both input and output.
          • Presentation Layer
              • Objective: avoid direct threats in the presentation layer such as Cross-Site Scripting (XSS).
              • Mechanism: generate a random token to add complexity for the adversaries
  • 8. Problem Statements
      • Static Web Deception
          • If adversaries successfully attack the main web application instead of the deception, the defender has no option to counter the adversaries
      • Limited Diversification
          • Proactive MTD can be achieved by redirecting incoming web traffic to a nonstandard web port and rotating the active web server that serves the incoming traffic [1].
          • This rotation of the web application, based only on port rotation, can be enhanced by adding more diversification layers: logical and storage
      References:
      1. M. Thompson, et al., “Dynamic Application Rotation Environment for Moving Target Defense,” Resilience Week (RWS), 2016. IEEE, 2016.
  • 9. Related Works
      • Moving deception towards MTD at the higher network level [1]
          • Within the Deception Network model, an MTD is proposed that is based on entire network enclaves as well as host attributes, characteristics and files. Rather than using the second network to contain the threat, it is used to hide the defender.
      • Dynamic Application Rotation Environment for Moving Target Defense (DARE MTD) [2]
          • A proactive MTD that redirects incoming web traffic to a nonstandard web port and rotates the active web server that serves the incoming traffic.
          • It succeeds in achieving its goals of increasing uncertainty and resilience.
      • Proposal of a complete MTD in web applications with multiple diversifications [3]
          • Proposed a complete MTD in the web application with diversification in four layers: logical, storage, presentation and browser.
          • Implemented logical-layer diversification by creating a translator from Python to PHP
          • Implemented storage diversification by translating between the dialects of MySQL and PostgreSQL
      References:
      1. V. E. Urias, et al., “Computer network deception as a Moving Target Defense,” Proc. - Int. Carnahan Conf. Secur. Technol., vol. 2015–Janua, 2016.
      2. M. Thompson, et al., “Dynamic Application Rotation Environment for Moving Target Defense,” Resilience Week (RWS), 2016. IEEE, 2016.
      3. M. Taguinod, et al., “Toward a Moving Target Defense for Web Applications,” Proc. - 2015 IEEE 16th Int. Conf. Inf. Reuse Integr. IRI 2015, 2015.
  • 10. Our Proposal Approach, Implementation and Evaluation
  • 11. Approach: Combining Web Deception and MTD
      • Deception Environment
          • Provides a fake implementation with a look and feel similar to the real system to attract the adversary
          • The environment is built close to one of the MTD implementations
      • Multi-Layer MTD Implementations in Real System
          • Dynamic configuration routes to one of two web servers (only one is up at a time) every 30 seconds [1]
          • Each web server is set up with two web sites, each with a different application environment (diversity in the logical layer). This is an alternative to the source code diversity suggested by Taguinod et al., and it resolves the static application implementation in DARE by Thompson et al.
          • Two database applications are provided dynamically, of which only one is up at a time (rotated dynamically) and to which the active application connects. This is a novel MTD approach proposed in our implementation.
      • MTD Tool
          • We developed a small application as an MTD Tool, which makes sure that the MTD happens in each layer
      References:
      1. M. Thompson, et al., “Dynamic Application Rotation Environment for Moving Target Defense,” Resilience Week (RWS), 2016. IEEE, 2016.
  • 12. MTD Tool Operation Algorithm
      • Steps:
          1. MTD Tool starts
          2. Wait for 30 seconds
          3. Reconfigure Director to direct to next active server
          4. Reconfigure next active server to next active database
          5. Stop the active server and database and start the next active ones
      • Results: mitigate known/unknown vulnerabilities by reducing the amount of time the active platform is exposed
      • Final Outcomes:
          1. Increase uncertainty for the attackers
          2. Increase defensive system resilience by reducing the down time
      • Measurement:
          1. How much did we succeed in reducing the likelihood of exploit?
          2. How far has the impact of a successful exploit been reduced?
          3. Do we still maintain application availability?
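The rotation loop from the MTD Tool Operation Algorithm slide, as an added simulation; it is not the authors' MTD Tool. The 30-second interval and the site ports 81, 82 and 8080 come from the slides; the class and function names, the database pair and the simulated clock are assumptions.

```python
"""Simulated MTD rotation loop (added example, not the authors' MTD Tool).

From the slides: 30 s interval, site ports 81/82/8080, one site and one
database live at a time. Assumed: all names here and the database pair.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass
class Service:
    """A web site or database that the tool starts and stops (simulated)."""
    name: str
    running: bool = False


class MtdRotator:
    def __init__(self, sites, databases, interval=30.0):
        self.sites = [Service(n) for n in sites]
        self.dbs = [Service(n) for n in databases]
        self.interval = interval
        self.site_i = self.db_i = 0
        self.clock = 0.0                                  # simulated seconds
        self.sites[0].running = self.dbs[0].running = True
        self.director_upstream = self.sites[0].name       # where port 80 forwards
        self.site_db = {self.sites[0].name: self.dbs[0].name}
        self.history = [(0.0, self.sites[0].name, self.dbs[0].name)]

    def rotate(self):
        """One pass of the loop, in the order the slide lists the steps."""
        self.clock += self.interval                       # wait 30 seconds
        cur_site, cur_db = self.sites[self.site_i], self.dbs[self.db_i]
        self.site_i = (self.site_i + 1) % len(self.sites)
        self.db_i = (self.db_i + 1) % len(self.dbs)
        nxt_site, nxt_db = self.sites[self.site_i], self.dbs[self.db_i]
        self.director_upstream = nxt_site.name            # director -> next server
        self.site_db[nxt_site.name] = nxt_db.name         # next server -> next DB
        cur_site.running = cur_db.running = False         # stop the active pair
        nxt_site.running = nxt_db.running = True          # start the next pair
        self.history.append((self.clock, nxt_site.name, nxt_db.name))
        self.check_invariants()

    def check_invariants(self):
        """Availability check: exactly one consistent stack must be live."""
        up_sites = [s.name for s in self.sites if s.running]
        up_dbs = [d.name for d in self.dbs if d.running]
        if up_sites != [self.director_upstream] or len(up_dbs) != 1:
            raise RuntimeError(f"bad state: sites={up_sites} dbs={up_dbs}")
        if self.site_db[up_sites[0]] != up_dbs[0]:
            raise RuntimeError("active site is configured for a stopped database")


def simulate(rotations, sites, databases, interval=30.0):
    rot = MtdRotator(sites, databases, interval)
    for _ in range(rotations):
        rot.rotate()
    return rot


def exposure_share(rot):
    """Fraction of elapsed time each site and each (site, db) stack was live."""
    if rot.clock == 0:
        return {}, {}
    by_site, by_stack = Counter(), Counter()
    for (start, site, db), (end, _, _) in zip(rot.history, rot.history[1:]):
        by_site[site] += end - start
        by_stack[(site, db)] += end - start
    return ({k: v / rot.clock for k, v in by_site.items()},
            {k: v / rot.clock for k, v in by_stack.items()})


def stacks_during(rot, scan_start, scan_len):
    """Distinct (site, db) stacks that were live at some point in a scan window."""
    scan_end = scan_start + scan_len
    seen = []
    for i, (start, site, db) in enumerate(rot.history):
        end = rot.history[i + 1][0] if i + 1 < len(rot.history) else float("inf")
        if start < scan_end and end > scan_start and (site, db) not in seen:
            seen.append((site, db))
    return seen


if __name__ == "__main__":
    # Constructed configuration: three sites behind the director, two databases.
    rot = simulate(6, ["site-81", "site-82", "site-8080"], ["mariadb", "mongodb"])
    sites, stacks = exposure_share(rot)
    for name, share in sites.items():
        print(f"{name}: live {share:.0%} of the time")
    print(f"{len(stacks)} distinct stacks, each live {min(stacks.values()):.1%}")
    # A constructed 100 s scan starting 10 s into the run overlaps four stacks.
    print("stacks seen by a 100 s scan:", stacks_during(rot, 10.0, 100.0))
```

With three sites and two databases the pairing repeats every six rotations, so any scan longer than the interval collects observations from more than one stack.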
  • 13. Implementation
      [Architecture diagram; labels: Attackers, Web Deception (IIS/ASP.NET port 83), Database (MySQL), MTDTool]
  • 14. MTD Stack
      1. PHP, which is set up in both IIS and Apache, will confuse the attackers about the real identity of the running host server
      2. MariaDB may suffer from the SQL injection vector. This will cause confusion when the reconnaissance result doesn't fit the actual active MongoDB database
  • 15. Performance Evaluation – Web Deception
      • Web Deception Fingerprinting and Vulnerability Scan
          • Fingerprinting with Nmap shows adversaries that two ports are open on the server, 83 and 80: the former is for the deception, while the latter is only a director (no application runs on it) for the real applications under MTD.
          • A vulnerability penetration test using Acunetix gives two high-severity vulnerabilities and five medium ones; we expect this information to attract the attacker to exploit more (which is the objective of deception). Furthermore, this attacker behavior can be used for further investigation.

      Severity        | High | Medium | Low
      Vulnerabilities | 2    | 5      | N/A
  • 16. Performance Evaluation – Individual Sites (Non MTD)
    • Individual Primary Web Application Fingerprinting
    • For simplicity, the director (port 80) is directed to port 81 (IIS with ASP.NET), which runs on top of the MySQL database, and the individual application connects to MySQL.
    Findings:
    1. Nmap cannot fingerprint MongoDB.
    2. Expectation: when MTD runs, each of the applications should be fingerprinted fairly, at 33% each. However, we can't expect this for the database.
  • 17. Performance Evaluation – Individual Sites (Non MTD)
    • Individual Primary Web Application Vulnerability Scans
    • For simplicity, the director (port 80) is directed to port 81 (IIS with ASP.NET), which runs on top of the MySQL database, and the individual application connects to MySQL.
    • Vulnerability scan result using Acunetix:

    | Port | 80 | 81 | 82 | 8080 |
    |---|---|---|---|---|
    | SQL Injection Related | 2 | 2 | 0 | 0 |
    | IIS Related | 0 | 1 | 1 | 0 |
    | Cross Site Scripting | 0 | 0 | 3 | 3 |
    | Medium Severity | 7 | 7 | 8 | 9 |
    | Low Severity | 3 | 3 | 3 | 3 |

    Alert levels (https://www.acunetix.com/support/docs/wvs/analyzing-scan-results/):
    • High Risk Alert Level 3 – Vulnerabilities categorized as the most dangerous, which put the scan target at maximum risk for hacking and data theft.
    • Medium Risk Alert Level 2 – Vulnerabilities caused by server misconfiguration and site-coding flaws, which facilitate server disruption and intrusion.
    • Low Risk Alert Level 1 – Vulnerabilities derived from lack of encryption of data traffic or directory path disclosures.
  • 18. Performance Evaluation – MTD Fingerprinting
    • Fingerprinting was done against port 80 while the MTDTool was running (system running in MTD state). The fingerprinting tool was Nmap, run for 10 trials:

    Trial, Time (Secs), Port (81 / 82 / 8080), MySQL:
    1    202.41   1  0
    2    54.77    1  0
    3    100.15   1  0
    4    46.32    1  1
    5    61.9     1  0
    6    204.1    1  1
    7    202.09   1  0
    8    203.22   1  1
    9    198.67   1  0
    10   202.67   1  0

    Findings:
    1. The fingerprinting scan took more time than normal, with an average of 147.63 seconds.
  • 19. Performance Evaluation – MTD Vulnerability Scan
    The result of the vulnerability scan against port 80 (the MTD director) after the MTD is started is as follows: no high-severity vulnerabilities were detected among the average of 42.33 vulnerabilities discovered. The remaining lower-severity vulnerabilities are: 21.67 medium, 5.2 low and 15.5 informational.

    | Trial | Time (Secs) | Total | High | Medium | Low | Informational |
    |---|---|---|---|---|---|---|
    | 1 | 375 | 13 | 0 | 7 | 3 | 3 |
    | 2 | 136 | 12 | 0 | 2 | 4 | 6 |
    | 3 | 146 | 13 | 0 | 2 | 4 | 7 |
    | 4 | 49 | 19 | 0 | 13 | 3 | 3 |
    | 5 | 47 | 13 | 0 | 6 | 3 | 4 |
    | 6 | 885 | 184 | 0 | 100 | 14 | 70 |
    | Avg | 273 | 42.33 | 0 | 21.67 | 5.2 | 15.5 |
  • 20. Future Works and Conclusions
    • The first step to improve the previous MTD implementation by Thompson et al. (DARE MTD) has been implemented in this paper, which has proved that the running MTD gave promising results on the fingerprint and vulnerability scans.
    • Further improvements are required to make the MTD implementation robust and ready for production usage:
      • High availability for one complete stateful application between the MTD servers
      • Database synchronization between the MTD database servers
    • The application-level implementation, which is easier to achieve from the implementation point of view (although it requires high resources), can be enhanced to make the adversaries' reconnaissance process more complex, by switching the language at the lower level (automatically, e.g. with a language conversion engine to assist the MTD).
    Conclusions
    1. Proposed a novel approach to enhance DARE MTD and provided an alternative of logical and database diversities, with a working MTD utilizing multiple web servers, web application languages and databases.
    2. It is proven that the implementation has increased the complexity of the fingerprint and vulnerability scans, which were only able to fingerprint 2 of 3 MTD ports and 1 database.
    3. The MTD also proved to “remove” the high severity vulnerabilities.
  • 21. References
    [1] M. Taguinod, A. Doupé, Z. Zhao, and G. J. Ahn, “Toward a Moving Target Defense for Web Applications,” Proc. - 2015 IEEE 16th Int. Conf. Inf. Reuse Integr. IRI 2015, pp. 510–517, 2015.
    [2] A. Doupé, L. Cavedon, C. Kruegel, and G. Vigna, “Enemy of the State: A State-Aware Black-Box Vulnerability Scanner,” 2012.
    [3] A. Doupé, W. Cui, M. H. Jakubowski, M. Peinado, C. Kruegel, and G. Vigna, “deDacota: Toward Preventing Server-side XSS via Automatic Code and Data Separation,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, 2013, pp. 1205–1216.
    [4] D. Evans, A. Nguyen-Tuong, and J. Knight, “Effectiveness of Moving Target Defenses,” in Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, Eds. New York, NY: Springer New York, 2011, pp. 29–48.
    [5] C. De Faveri and A. Moreira, “A SPL Framework for Adaptive Deception-based Defense,” vol. 9, pp. 5542–5551, 2018.
    [6] V. E. Urias, W. M. S. Stout, and C. Loverro, “Computer network deception as a Moving Target Defense,” Proc. - Int. Carnahan Conf. Secur. Technol., vol. 2015–Janua, 2016.
    [7] X. Li and Y. Xue, “A survey on server-side approaches to securing web applications,” ACM Comput. Surv., vol. 46, no. 4, pp. 1–29, 2014.
    [8] X. Han, N. Kheir, and D. Balzarotti, “Evaluation of Deception-Based Web Attacks Detection,” Proc. 2017 Work. Mov. Target Def. - MTD ’17, pp. 65–73, 2017.
    [9] S. Jajodia, A. Ghosh, V. Swarup, C. Wang, and X. Wang, Moving Target Defense. Springer, 2011.
    [10] J. H. Jafarian, E. Al-Shaer, and Q. Duan, “Openflow random host mutation: transparent moving target defense using software defined networking,” Proceedings of the first workshop on Hot topics in software defined networks. ACM, 2012.
  • 22. References
    [11] D. Evans, A. Nguyen-Tuong, and J. Knight, Effectiveness of Moving Target Defenses. Springer, 2011, pp. 29–48.
    [12] R. Zhuang, S. Zhang, S. A. DeLoach, X. Ou, and A. Singhal, “Simulation-based Approaches to Studying Effectiveness of Moving-Target Network Defense,” in National Symposium on Moving Target Research, June 2012.
    [13] M. Almeshekah, M. Atallah, and E. Spafford, “The case of using negative (deceiving) information in data protection,” Proc. 2014 CERIAS '14 Proceedings of the 15th Annual Information Security Symposium, Article no. 45, 2014.
    [14] M. Thompson, et al., “Dynamic Application Rotation Environment for Moving Target Defense,” Resilience Week (RWS), 2016. IEEE, 2016.
  • 23. Thank you! Questions?
    E-mail to:
    Basirudin Djamaluddin, Ahmed Alnazeer, Farag Azzedin
    g201601060@kfupm.edu.sa, g201406320@kfupm.edu.sa, fazzedin@kfupm.edu.sa