Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

2/4/2019
04:00 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

Researchers Devise New Method of Intrusion Deception for SDN

Team from University of Missouri take wraps off Dolus, a system 'defense using pretense' which they say will help defend software-defined networking (SDN) cloud infrastructure.

Researchers with University of Missouri hope to move the ball forward on cyber decepton technology with a new form of intrusion deception they designed specifically to help defend software-defined networking (SDN) cloud infrastructure.

Their system, called Dolus, was designed using pretense theory from child-play psychology and machine learning to fool attackers: giving them a false sense of success that buys defenders time to thwart DDoS and targeted attacks while collecting valuable threat intelligence in the process.

"With the time gained through effective pretense initiation in the case of DDoS attacks, cloud service providers could coordinate across a unified (software defined everything Infrastructure) SDxI infrastructure involving multiple (autonomous systems) ASes to decide on policies that help in blocking the attack flows closer to the source side," they wrote in their research.

This is a classic sales pitch for intrusion deception methods, which can vary in sophistication from simple honeypots or honey nets all the way up to fully simulated systems and environments.

Research lead Prasad Calyam, associate professor of electrical engineering and computer science and the director of Cyber Education and Research Initiative in the MU College of Engineering, says the difference with Dolus is that it's more fully simulating an SDN environment in production.

"Honepots - they were more like pre-deployments of applications - so before something goes live you do a lot of this resilience testing and then once things are live, you don't do much in terms of sophisticated defense," says Calyam, who believes more sophisticated forms of intrusion deception are "under-explored."

The question is whether the market has already beaten Calyam and his cohort to the punch when it comes to evolving deception technology. Players like Cymmetria, TrapX, and Attivo are currently duking it out with commercial products moving in this direction, and a recent report from Market Insights Reports shows the market will grow by more than 15% annually through 2025.

So it’s no surprise that analysts like Rich Mogull and Adrian Lane of Securosis wonder whether this is much different than what practitioners already have access to on the market. 

Lane says he's "highly skeptical" from what he's seen skimming through the research. And Mogull notes that while he likes the concept of tricking attackers with deception, simply putting forward an advance using some social theory and AI/machine learning may not be enough to differentiate Dolus from existing deception products.

"It isn't that hard to trick attackers," Mogull says, also noting that the DDoS defense for SDN may still have a very limited market. "The market is somewhat limited to cloud providers. Very few enterprises are running SDN."

Calyam, however, believes that there is still room for the field to advance, and his team's next step is in exploring how to coordinate policies across providers' software-defined infrastructure in order to provide a defense that helps the ecosystem improve defense. They're seeking a means of distributed trust, perhaps through the use of blockchain, to accomplish this.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Pledges to Not Pay Ransomware Hit Reality
Robert Lemos, Contributing Writer,  6/21/2019
AWS CISO Talks Risk Reduction, Development, Recruitment
Kelly Sheridan, Staff Editor, Dark Reading,  6/25/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-1619
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session ...
CVE-2019-1620
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could ex...
CVE-2019-1621
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker...
CVE-2019-1622
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software...
CVE-2019-10133
PUBLISHED: 2019-06-26
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.