Fool your enemies: Enable Cyber Deception and Moving Target Defense for Intrusion Detection in SDN

20:59 05/09/2022

Deception technology, built to divert stealthy attackers from real assets and to gather intelligence about how they operate, is gaining ground in network systems. Static honeypots are also deployed in networks to attract adversaries and keep them from accessing the real targets. This static deployment leads to disclosure of the existence of cyber traps in the network, which then do not fool skillful attackers. Meanwhile, many intrusion detection systems (IDS) lack the abnormal traffic samples needed to learn about cyberattacks. Hence, it is vital to make honeypots more dynamic and to supply material from which the detector can harvest useful threat intelligence. Taking advantage of Software Defined Networking (SDN), cyber traps can be easily deployed when an intrusion detector triggers, or actively laid in advance, to mitigate the impact of adversaries on real assets. Instead of building an IDS separately or blocking attacks promptly after an alert is issued, in this paper we associate Cyber Deception and Moving Target Defense (MTD) with IDS in SDN, in a strategy named FoolYE (Fool your enemies), to slow a network intruder down and leverage adversaries' behavior on the traps to feed awareness back to the detector.

Penetration testing is one of the most common methods for assessing the security of a system, application, or network. Although there are different support tools with great efficiency in this field, penetration testing is done mostly manually and relies heavily on the experience of the ethical hackers who are doing...
Software-defined networking (SDN) is a potential approach for modern network architecture, which has received great attention recently. SDN-based networks also face security issues, and they can become targets of cyberattacks. Cyber threat hunting is one of the security solutions proposed for early attack detection in SDN. Developing machine learning-based IDS...