网络欺骗技术综述

doi:10.11959/j.issn.1000-436x.2017281

Abstract

Abstract:

The asymmetric situation of network attacks and defenses is one of the key issues of current network security.Cyber deception was a revolutionary technology introduced by defenders to alter the asymmetric situation.By thwarting an attacker's cognitive processes，defenders can mislead attackers，hence causing them to take specific actions that aid network security defenses.In this way，defenders can log attackers'behavior and method，increase cost for the attackers to launch a successful attack，as well as reduce the probability of an attacker's success.Cyber deception formally and classify cyber deception into four classes was defined.Then，the cyber deceptions’development was divided into three stages，and each stage’s character was decided.Next，a hierarchical model to describe the existing work was proposed.At last，the countermeasures in cyber deception and the development trends in this field was discussed.

Key words: cyber deception, cognitive process, attack, defense

CLC Number:

TP393

Zhao-peng JIA,Bin-xing FANG,Chao-ge LIU,Qi-xu LIU,Jian-bao LIN. Survey on cyber deception[J]. Journal on Communications, 2017, 38(12): 128-143.

Figures/Tables 11

References 79

[1]	蔡桂林, 王宝生, 王天佐 ,等. 移动目标防御技术研究进展[J]. 计算机研究与发展, 2016,53(5): 968-987.
	CAI G L , WANG B S , WANG T Z ,et al. Research and development of moving target defense technology[J]. Journal of Computer Research and Development, 2016,53(5): 375-378
[2]	ZHUANG R , ZHANG S , DELOACH S A ,et al. Simulation-based approaches to studying effectiveness of moving-target network defense[C]// National Symposium on Moving Target Research. 2012. 1-12
[3]	JAJODIA S , SUBRAHMANLAN V S , SWARUP V ,et al. Cyber deception[M]. Springer, 2016.
[4]	CANALI D , BALZAROTTI D . Behind the scenes of online attacks:an analysis of exploitation behaviors on the Web[C]// 20th Annual Network ＆ Distributed System Security Symposium (NDSS 2013). 2013.
[5]	JUELS A , RIVEST R L . Honeywords:making password-cracking detectable[C]// 2013 ACM SIGSAC conference on Computer ＆communications security. 2013: 145-160.
[6]	ARAUJO F , HAMLEN K W , BIEDERMANN S ,et al. From patches to honey-patches:Lightweight attacker misdirection,deception,and disinformation[C]// The 2014 ACM SIGSAC Conference on Computer and Communications Security. 2014: 942-953.
[7]	KAPRAVELOS A , GRIER C , CHACHRA N ,et al. Hulk:Eliciting malicious behavior in browser extensions[C]// The 23rd Usenix Security Symposium. 2014.
[8]	GUPTA P , SRINIVASAN B , BALASUBRAMANIYAN V ,et al. Phoneypot:data-driven understanding of telephony threats[C]// 2015 Network and Distributed System Security(NDSS)Symposium. 2015.
[9]	URIAS V E , STOUT W M , LIN H W . Gathering threat intelligence through computer network deception[C]// 2016 IEEE Symposium on Technologies for Homeland Security(HST). 2016: 1-6.
[10]	TAN K L G . Confronting cyberterrorism with cyber deception[D]. Monterey,California:Naval Postgraduate School, 2003.
[11]	JONES J H J , LASKEY K B . Using Bayesian attack detection models to drive cyber deception[C]// The Eleventh UAI Conference on Bayesian Modeling Applications Workshop. 2014: 60-69.
[12]	刘宝旭, 许榕生 . 主动型安全防护措施-陷阱网络的研究与设计[J]. 计算机工程, 2002,28(12): 9-11.
	LIU B X , XU R S . Study and design of the proactive security protecting measure-honeynet[J]. Computer Engineering, 2002,28(12): 9-11
[13]	刘宝旭, 曹爱娟, 许榕生 . 陷阱网络技术综述[J]. 网络安全技术与应用, 2003,(01): 65-69.
	LIU B X , CAO A J , XU R S . Summary of the honeynet technology[J]. Net Security Technologies And Application, 2003,(01): 65-69.
[14]	曹爱娟, 刘宝旭, 许榕生 . 网络陷阱与诱捕防御技术综述[J]. 计算机工程, 2004,(09): 1-3.
	CAO A J , LIU B X , XU R S . Summary of the honeynet and entrapment defense technology[J]. Computer Engineering, 2004,(09): 1-3.
[15]	程杰仁, 殷建平, 刘运 ,等. 蜜罐及蜜网技术研究进展[J]. 计算机研究与发展, 2008,45(S1): 375-378.
	CHENG J R , YIN J P , LIU Y ,et al. Advances in the honeypot and honeynet technologies[J]. Journal of Computer Research and Development, 2008,45(S1): 375-378
[16]	诸葛建伟, 唐勇, 韩心慧 ,等. 蜜罐技术研究与应用进展[J]. 软件学报, 2013,24(04): 825-842.
	ZHUGE J W , TANG Y , HAN X H ,et al. Honeypot technology research and application[J]. Journal of Software, 2013,24(4): 825-842.
[17]	WHALEY B . Toward a general theory of deception[J]. The Journal of Strategic Studies, 1982,5(1): 178-192.
[18]	韩枫 . 军事欺骗行为仿真研究[D]. 郑州:解放军信息工程大学, 2006.
	HAN F . Research on emulate of the military deception[D]. Zhengzhou:Information Engineering University, 2006
[19]	YUILL J J . Defensive computer-security deception operations:processes,principles and techniques[D]. North Carolina:North Carolina State University, 2006.
[20]	ALMESHEKAH M H , SPAFFORD E H . Cyber Security Deception[M]// Cyber Deception. 2016: 25-52.
[21]	ANTONATOS S , AKRITIDIS P , MARKATOS E P ,et al. Defending against hitlist worms using network address space randomization[J]. Computer Networks, 2007,51(12): 3471-3490.
[22]	AL-SHAER E . Toward network configuration randomization for moving target defense[M]// Moving Target Defense. 2011: 153-159.
[23]	ROWE N C , DUONG B T , CUSTY E J . Fake honeypots:a defensive tactic for cyberspace[C]// 2006 IEEE Information Assurance Workshop. 2006: 223-230.
[24]	MURPHY S , MCDONALD T , MILLS R . An application of deception in cyberspace:operating system obfuscation[C]// 5th International Conference on Information Warfare and Security. 2010.
[25]	SPITZNER L . The honeynet project:trapping the hackers[J]. IEEE Security＆Privacy, 2003,99(2): 15-23.
[26]	诸葛建伟, 韩心慧, 周勇林 ,等. HoneyBow:一个基于高交互式蜜罐技术的恶意代码自动捕获器[J]. 通信学报, 2007,(12): 8-13.
	ZHUGE J W , HAN X H , ZHOU Y L ,et al. HoneyBow:an automated malware collection tool based on the high-interaction honeypot principle[J]. Journal on Communications, 2007,28(12): 8-13
[27]	YUILL J , ZAPPE M , DENNING D ,et al. Honeyfiles:deceptive files for intrusion detection[C]// Information Assurance Workshop. 2004: 116-122.
[28]	COHEN F . A note on the role of deception in information protection[J]. Computers＆Security, 1998,17(6): 483-506.
[29]	STOLL C P . The cuckoo’s egg:tracing a spy through the maze of computer espionage[M]. Doubleday. 1989.
[30]	CHESWICK B , . An evening with Berferd in which a cracker is Lured,Endured,and Studied[C]// The Winter 1992 USENIX Conference. 1992: 163-174.
[31]	KIM G H , SPAFFORD E H . Experiences with tripwire:using integrity checkers for intrusion detection[R]. Purdue University,Department of Computer Sciences, 1994.
[32]	COHEN F . A mathematical structure of simple defensive network deceptions[J]. Computers＆Security, 2000,19(6): 520-528.
[33]	SPITZNER L . Honeypots:tracking hackers[M]. Addison-Wesley Reading, 2003.
[34]	DAGON D , QIN X , GU G ,et al. Honeystat:local worm detection using honeypots[C]// International Workshop on Recent Advances in Intrusion Detection. 2004: 39-58.
[35]	CRANDALL J R , WU S F , CHONG F T . Experiences using minos as a tool for capturing and analyzing novel worms for unknown vulnerabilities[C]// International Conference on Detection of Intrusions and Malware,and Vulnerability Assessment. 2005: 32-50.
[36]	KREIBICH C , CROWCROFT J . Honeycomb:creating intrusion detection signatures using honeypots[J]. ACM SIGCOMM computer communication review, 2004,34(1): 51-56.
[37]	SCHRYEN G , . An e-mail honeypot addressing spammers' behavior in collecting and applying addresses[C]// 6th Annual IEEE Systems,Man and Cypernetics Information Assurance Workshop. 2005: 37-41.
[38]	SCHRYEN G . The impact that placing email addresses on the Internet has on the receipt of spam:an empirical analysis[J]. Computers ＆Security, 2007,26(5): 361-372.
[39]	WANG Y M , BECK D , JIANG X ,et al. Automated Web patrol with strider honeymonkeys[C]// The 2006 Network and Distributed System Security Symposium. 2006: 35-49.
[40]	BAECHER P , KOETTER M , HOLZ T ,et al. The nepenthes platform:An efficient approach to collect malware[C]// 9th International Symposium on Recent Advances in Intrusion Detection. Hamburg,GERMANY, 2006. 165-184.
[41]	PORTOKALIDIS G , SLOWINSKA A , BOS H . Argos:an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation[C]// The 2006 EuroSys Conference. 2006: 15-27.
[42]	NEWSOME J , SONG D . Dynamic taint analysis for automatic detection,analysis,and signaturegeneration of exploits on commodity software[C]// The 12th Annual Network and Distributed System Security Symposium. 2005.
[43]	HOLZ T , RAYNAL F . Detecting honeypots and other suspicious environments[C]// 6th Annual IEEE Systems,Man and Cypernetics Information Assurance Workshop. 2005: 29-36.
[44]	ROWE N C , CUSTY E J , DUONG B T . Defending cyberspace with fake honeypots[J]. Journal of Computers, 2007,2(2): 25-36.
[45]	ZHAO Z , LIU F , GONG D . An SDN-based fingerprint hopping method to prevent fingerprinting attacks[J]. Security and Communication Networks, 2017.
[46]	DISSO J P , JONES K , BAILEY S . A plausible solution to scada security honeypot systems[C]// 2013 Eighth International Conference on Broadband and Wireless Computing,Communication and Applications(BWCCA). 2013: 443-448.
[47]	PROVOS N , . Honeyd-a virtual honeypot daemon[C]// 10th DFN-CERT Workshop. 2003.
[48]	ARTAIL H , SAFA H , SRAJ M ,et al. A hybrid honeypot framework for improving intrusion detection systems in protecting organizational networks[J]. Computers＆Security, 2006,25(4): 274-288.
[49]	BORDERS K , FALK L , PRAKASH A . OpenFire:using deception to reduce network attacks[C]// 3rd International Conference o Security and Privacy in Communication Networks and Workshops. 2007: 224-233.
[50]	RRUSHI J L , . NIC displays to thwart malware attacks mounted from within the OS[C]// Computers＆Security. 2016: 6159-6171.
[51]	ROBERTSON S , ALEXANDER S , MICALLEF J ,et al. CINDAM:customized information networks for deception and attack mitigation[C]// IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops,Massachusetts Inst Technol. 2015: 114-119.
[52]	WANG K , CHEN X , ZHU Y . Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks[J]. Plos One, 2017,12(5):e0177111.
[53]	BORDERS K , ZHAO X , PRAKASH A . Siren:catching evasive malware[C]// 2006 IEEE Symposium on Security and Privacy (S＆P'06). 2006.
[54]	WHITE J . Creating personally identifiable honeytokens[M]. Innovations and Advances in Computer Sciences and Engineering.Springer. 2010: 227-232.
[55]	WHITE J , PANDA B . Implementing PII honeytokens to mitigate against the threat of malicous insiders[C]// 2009 IEEE International Conference on Intelligence and Security Informatics. 2009:233.
[56]	CHAKRAVARTY S , PORTOKALIDIS G , POLYCHRONAKIS M ,et al. Detecting traffic snooping in Tor using decoys[C]// International Workshop on Recent Advances in Intrusion Detection. 2011: 222-241.
[57]	AKIYAMA M , YAGI T , HARIU T ,et al. HoneyCirculator:distributing credential honeytoken for introspection of web-based attack cycle[J]. International Journal of Information Security, 2017: 1-17.
[58]	ZHAO L , MANNAN M . Explicit authentication response considered harmful[C]// The 2013 New security paradigms workshop(NSPW'13). 2013: 77-86.
[59]	JOHN J P , YU F , XIE Y ,et al. Heat-seeking honeypots:design and experience[C]// The 20th International Conference on World Wide Web. 2011: 207-216.
[60]	MPHAGO B , BAGWASI O , PHOFUETSILE B ,et al. Deception in dynamic Web application honeypots:case of glastopf[C]// The International Conference on Security and Management (SAM). 2015:104.
[61]	ISHIKAWA T , SAKURAI K . Parameter manipulation attack prevention and detection by using web application deception proxy[C]// The 11th International Conference on Ubiquitous Information Management and Communication. 2017:74.
[62]	THOMPSON M , MENDOLLA M , MUGGLER M ,et al. Dynamic application rotation environment for moving target defense[C]// 2016 Resilience Week. 2016.
[63]	VALLI C , RABADIA P , WOODWARD A . Patterns and patter-an investigation into SSH activity using kippo honeypots[C]// The 11th Australian Digital Forensics Conference. 2013: 141-149.
[64]	HES R , KOMISARCZUK P , STEENSON R ,et al. The capture-HPC client architecture[R]. Technical report,Victoria University of Wellington, 2009.
[65]	NAZARIO J , . PhoneyC:a virtual client honeypot[C]// The 2nd USENIX Conference on Large-scale Exploits and Emergent Threats:Botnets,Spyware,Worms,and More. 2009: 1-8.
[66]	TAKATA Y , AKIYAMA M , YAGI T ,et al. MineSpider:extracting hidden URLs behind evasive drive-by download attacks[J]. Ieice Transactions on Information＆Systems, 2016,E99.D(4): 860-872.
[67]	HUTCHINS E M , CLOPPERT M J , AMIN R M . Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains[J]. Leading Issues in Information Warfare＆Security Research, 2011,180.
[68]	CHEN X , ANDERSEN J , MAO Z M ,et al. Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware[C]// 2008 IEEE International Conference on Dependable Systems＆Networks With FTCS＆DCC. 2008: 177-186.
[69]	DORNSEIF M , HOLZ T , KLEIN C N . Nosebreak-attacking honeynets[C]// 5th Annual IEEE Information Assurance Workshop. 2004: 123-129.
[70]	FU X , YU W , CHENG D ,et al. On recognizing virtual honeypots and countermeasures[C]// 2nd IEEE International Symposium on Depenable,Autonomic and Secure Computing. 2006: 211-218.
[71]	DEFIBAUGH-CHAVEZ P , VEERAGHATTAM R , KANNAPPA M ,et al. Network based detection of virtual environments and low interaction honeypots[C]// 7th Annual IEEE Information Assurance Workshop. 2006: 283-289.
[72]	KRAWETZ N . Anti-honeypot technology[J]. IEEE Security＆Privacy, 2004,2(1): 76-79.
[73]	ZOU C C , CUNNINGHAM R . Honeypot-aware advanced botnet construction and maintenance[C]// International Conference on Dependable Systems and Networks(DSN'06). 2006: 199-208.
[74]	QUYNH N A , TAKEFUJI Y . Towards an invisible honeypot monitoring system[C]// 11th Australasian Conference on Information Security and Privacy. Melbourne,AUSTRALIA, 2006: 111-122.
[75]	JIANG X , WANG X . “Out-of-the-box”monitoring of VM-based high-interaction honeypots[C]// International Workshop on Recent Advances in Intrusion Detection. 2007: 198-218.
[76]	ANTONATOS S , ANAGNOSTAKIS K , MARKATOS E . Honey@home:a new approach to large-scale threat monitoring[C]// 5th ACM Workshop on Recurring Malcode. 2007: 38-45.
[77]	石乐义, 李婕, 刘昕 ,等. 基于动态阵列蜜罐的协同网络防御策略研究[J]. 通信学报, 2012,(11): 159-164.
	SHI L Y , LI J , LIU X ,et al. Research on dynamic array honeypot for collaborative network defense strategy[J]. Journal on Communications, 2012,33(11): 159-164.
[78]	郭军权, 诸葛建伟, 孙东红 ,等. Spampot:基于分布式蜜罐的垃圾邮件捕获系统[J]. 计算机研究与发展, 2014,51(5): 1071-1080.
	GUO J Q , ZHUGE J W , SUN D H ,et al. Spampot:a spam CAPTURE system based on distributed honeypot[J]. Journal of Computer Research＆Development, 2014,51(5): 1071-1080
[79]	WANG C Y , JHAO Y L , WANG C S ,et al. The bilateral communication-based dynamic extensible honeypot[C]// 49th Annual International Carnahan Conference on Security Technology (ICCST). 2015: 263-268.

Metrics

Recommended 0

No Suggested Reading articles found!

欺骗类别	策略	定义
	掩盖	隐藏所有鲜明的特征，或将其与周围的特征相匹配
掩饰	重新包装	添加或削减特性而将其转换为其他对象
	目眩	创造全新的或不同的对象
	模仿	复制一个或多个特征来近似某一对象
模拟	编造	随机或部分模糊对象的特性
	诱骗	创造虚假的特性，来给定额外的模式

公司	国家	产品/方案	防御功能	融资情况
Illusive Networks	以色列	Deceptions Everywhere?	伪装欺骗	2015年6月获得500万美元融资
				2015年10月获得2 200万美元融资
Cymmetria	以色列	MazeRunner	伪装欺骗	2015年累计获得1 050万美元融资
TrapX	美国	DeceptionGrid Platform	伪装欺骗	2014年1月获得500万美元融资
				2015年7月获得900万美元融资
Attivo	美国	ThreatMatrix Platform	伪装欺骗	2015年4月获得800万美元融资
Allure	美国	Novo Platform	伪装欺骗	——
长亭科技	中国	谛听威胁感知系统	伪装欺骗	2015年9月获得600万元天使轮投资
黙安科技	中国	幻盾	伪装欺骗	2017年获得3 000万元投资

阶段	描述
侦查	选择与研究目标，寻找目标网络漏洞
武器化	研制网络武器，如病毒和蠕虫
投送	将网络武器投送到目标
漏洞利用	触发网络武器，在目标网络中利用漏洞
安装	网络武器安装可被入侵者使用的接入点
命令与控制	入侵者与目标网络保持访问
执行	入侵者采取行动达到攻击目标，如数据分割、摧毁等

欺骗类型	侦查和武器化	投送	漏洞利用和安装	命令控制与武器执行
应用欺骗	Glastopf、HIHAT、Kippo	HoneyMonkey、Capture-HPC、PhoneyC	uvauth、honey-patches	──
数据欺骗	Honeywords、Detecting traffic snooping in Tor using decoys	──	──	PII、honeyfile、Siren
网络结构欺骗	Honeyd、honeynet、混杂蜜罐、OpenFire	Network Address Space Randomization、MUTE（mutable networks）、CINDAM、RDAM		──
设备欺骗	DTK、HoneyBow、Argos、Operating System Obfuscation、FPH	──	fake honeypot	──

Survey on cyber deception

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 11

References 79

Related Articles 15

Metrics

Recommended 0

[1]	Xindi MA, Qinghua LI, Qi JIANG, Zhuo MA, Sheng GAO, Youliang TIAN, Jianfeng MA. Byzantine-robust federated learning over Non-IID data [J]. Journal on Communications, 2023, 44(6): 138-153.
[2]	Jiale ZHANG, Chengcheng ZHU, Xiaobing SUN, Bing CHEN. Membership inference attack and defense method in federated learning based on GAN [J]. Journal on Communications, 2023, 44(5): 193-205.
[3]	Yingze LIU, Yuanbo GUO, Chen FANG, Yongfei LI, Qingli CHEN. Intelligent planning method for cyber defense strategies based on bounded rationality [J]. Journal on Communications, 2023, 44(5): 52-63.
[4]	Shengxing YU, Zekai CHEN, Zhong CHEN, Ximeng LIU. DAGUARD: distributed backdoor attack defense scheme under federated learning [J]. Journal on Communications, 2023, 44(5): 110-122.
[5]	Dacheng ZHOU, Hongchang CHEN, Weizhen HE, Guozhen CHENG, Hongchao HU. Research on multidimensional dynamic defense strategy for microservice based on deep reinforcement learning [J]. Journal on Communications, 2023, 44(4): 50-63.
[6]	Shaoyu DU. Improved integral attack——random linear distinguish and key recovery attack [J]. Journal on Communications, 2023, 44(4): 145-153.
[7]	Jinyin CHEN, Haiyang XIONG, Haonan MA, Yayu ZHENG. CLB-Defense: based on contrastive learning defense for graph neural network against backdoor attack [J]. Journal on Communications, 2023, 44(4): 154-166.
[8]	Zhiyong LUO, Yu ZHANG, Qing WANG, Weiwei SONG. Study of SDN intrusion intent identification algorithm based on Bayesian attack graph [J]. Journal on Communications, 2023, 44(4): 216-225.
[9]	Jin ZHANG, Qiang GE, Weihai XU, Yiming JIANG, Hailong MA, Hongtao YU. Design, implementation and formal verification of BGP proxy for mimic router [J]. Journal on Communications, 2023, 44(3): 33-44.
[10]	Ming XU, Baojun ZHANG, Yiming WU, Chenduo YING, Ning ZHENG. Cyber attacks and privacy protection distributed consensus algorithm for multi-agent systems [J]. Journal on Communications, 2023, 44(3): 117-127.
[11]	Huawei HUANG. Security analysis of public-key cryptosystems based on matrix action problem against quantum attack [J]. Journal on Communications, 2023, 44(3): 220-226.
[12]	Dongbin WANG, Dongzhe WU, Hui ZHI, Kun GUO, Xu ZHANG, Jinqiao SHI, Yu ZHANG, Yueming LU. Preventing flow table overflow against denial of service attack in software defined network [J]. Journal on Communications, 2023, 44(2): 1-11.
[13]	Haiyan KANG, Molan LONG. Research on network attack analysis method based on attack graph of absorbing Markov chain [J]. Journal on Communications, 2023, 44(2): 122-135.
[14]	Youliang TIAN, Maoqing TIAN, Hongfeng GAO, Miao HE, Jinbo XIONG. Cooperation-based location authentication scheme for crowdsensing applications [J]. Journal on Communications, 2022, 43(9): 121-133.
[15]	Jing ZHAO, Jun LI, Chun LONG, Wei WAN, Jinxia WEI, Kai CHEN. Unsupervised detection method of RoQ covert attacks based on multilayer features [J]. Journal on Communications, 2022, 43(9): 224-239.