Active Deception Framework: An Extensible Development Environment for Adaptive Cyber Deception
Published in 2020 IEEE Secure Development (SecDev), 2020
Cyber deception provides a proactive cyber defense that can reverse the asymmetry in cyber warfare by confusing, misleading, or diverting attackers toward false goals. However, developing and deploying adaptive cyber deception techniques in real-life operational networks is an extremely complex and time-consuming task because of the extensive effort required to implement the underlying network-infrastructure configuration functions that active cyber deception operations depend on, including observing adversary actions, planning, and deploying honey resources in real time. As a result, developers in this field often spend significant time and effort building such infrastructural functions rather than focusing on sophisticated strategies for cyber deception applications. In this paper, we develop an active cyber deception framework (ADF) that provides an extensible, rich API and a synthesis engine for building advanced cyber deception applications. The API can be used to observe adversary actions, compose multi-strategy deception plans, and ensure safe yet quick deployment of those plans by automatically managing the network configuration and operational tasks. In addition, ADF provides deception as a service by automatically orchestrating deception planning and deployment with minimal human involvement. We implemented our deception framework on the OpenDaylight software-defined networking controller. We evaluated ADF using several case studies that demonstrate the rapid and cost-effective deployment of advanced active deception applications on real networks within a few seconds.
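The observe, plan, deploy loop the abstract describes is easier to reason about with a concrete sketch. The following is an added example written for this page, not ADF's API or any code from the paper: it models each stage as a small function, compiles a deception plan into OpenFlow-style match/action entries (the field names and action strings are only an approximation of the real encoding), and applies a safety check before anything is handed to a controller. The telemetry, honeypot mapping, protected address range and the in-memory controller stand-in are all constructed for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple

# Constructed telemetry: one host probing several ports on a production server,
# plus ordinary traffic from a management host. Field names are hypothetical.
OBSERVED_EVENTS = [
    {"src": "10.0.0.77", "dst": "10.0.1.5", "dport": 22},
    {"src": "10.0.0.77", "dst": "10.0.1.5", "dport": 80},
    {"src": "10.0.0.77", "dst": "10.0.1.5", "dport": 445},
    {"src": "10.0.0.77", "dst": "10.0.1.5", "dport": 3389},
    {"src": "10.0.0.12", "dst": "10.0.1.5", "dport": 443},
]

# Constructed topology: production server -> honeypot that impersonates it.
HONEY_MAP = {"10.0.1.5": "10.0.9.5"}
# Sources a plan must never divert (admin and monitoring hosts, hypothetical).
PROTECTED_SOURCES = [ip_network("10.0.0.0/28")]
# Assumed priority of the normal forwarding rules already in the switch.
BASELINE_PRIORITY = 100


@dataclass
class FlowEntry:
    """OpenFlow-like entry: higher priority wins, match fields are exact."""
    priority: int
    match: Dict[str, str]
    actions: List[str] = field(default_factory=list)


def observe(events, port_threshold: int = 3) -> Dict[str, Set[str]]:
    """Observe stage: flag sources touching >= port_threshold distinct ports
    on one destination (a crude port-scan heuristic). Returns src -> targets."""
    ports: Dict[Tuple[str, str], Set[int]] = {}
    for e in events:
        ports.setdefault((e["src"], e["dst"]), set()).add(e["dport"])
    suspects: Dict[str, Set[str]] = {}
    for (src, dst), seen in ports.items():
        if len(seen) >= port_threshold:
            suspects.setdefault(src, set()).add(dst)
    return suspects


def plan(suspects, honey_map) -> List[Tuple[str, str, str]]:
    """Plan stage: for every suspect and every probed target that has a
    honeypot twin, emit a (src, real_target, honeypot) redirection step."""
    steps = []
    for src, targets in sorted(suspects.items()):
        for real in sorted(targets):
            if real in honey_map:
                steps.append((src, real, honey_map[real]))
    return steps


def synthesize(steps) -> List[FlowEntry]:
    """Compile plan steps into flow entries: rewrite the attacker's packets to
    the honeypot, and rewrite the honeypot's replies so they appear to come
    from the real target. Priorities sit above the baseline so they take effect."""
    entries = []
    for src, real, honey in steps:
        entries.append(FlowEntry(BASELINE_PRIORITY + 100,
                                 {"ipv4_src": src, "ipv4_dst": real},
                                 [f"set_field:ipv4_dst={honey}", "output:honeynet"]))
        entries.append(FlowEntry(BASELINE_PRIORITY + 100,
                                 {"ipv4_src": honey, "ipv4_dst": src},
                                 [f"set_field:ipv4_src={real}", "output:normal"]))
    return entries


def validate(entries, protected=PROTECTED_SOURCES) -> List[str]:
    """Safety check before deployment: refuse entries that would divert
    everyone (wildcard source), touch a protected source, or be shadowed."""
    problems = []
    for e in entries:
        src = e.match.get("ipv4_src")
        if src is None:
            problems.append(f"wildcard source in {e.match}: would divert all clients")
            continue
        if any(ip_address(src) in net for net in protected):
            problems.append(f"{src} is a protected source")
        if e.priority <= BASELINE_PRIORITY:
            problems.append(f"priority {e.priority} is shadowed by baseline rules")
    return problems


class InMemoryController:
    """Stand-in for a controller client; only records what would be pushed."""
    def __init__(self):
        self.table: List[FlowEntry] = []

    def push(self, entry: FlowEntry) -> None:
        self.table.append(entry)


def deploy(entries, controller) -> int:
    """Deploy stage: validate, then push every entry. Returns the count."""
    problems = validate(entries)
    if problems:
        raise ValueError("; ".join(problems))
    for e in entries:
        controller.push(e)
    return len(entries)


if __name__ == "__main__":
    ctl = InMemoryController()
    n = deploy(synthesize(plan(observe(OBSERVED_EVENTS), HONEY_MAP)), ctl)
    print(n, "flow entries installed")
```

The validation step is the part that matters in an operational network: a redirection rule that forgets to match on the attacker's source address silently diverts every legitimate client of the production host, and a rule at or below the priority of the existing forwarding entries never fires. Both faults look like successful deployments from the controller's point of view, which is why the check belongs in the framework rather than in each application.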