Int J Performability Eng ›› 2022, Vol. 18 ›› Issue (12): 854-862. doi: 10.23940/ijpe.22.12.p3.854862


Critical Path to Place Decoys in Deception Biota

Jalaj Pateria (a,*), Laxmi Ahuja (a), and Subhranil Som (b)

  a. Amity Institute of Information Technology, Noida, 201313, India
  b. Bhairab Ganguly College, Kolkata, 700056, India
  • Submitted on ; Revised on ; Accepted on
  • Contact: * E-mail address: Pateria_jalaj@hotmail.com

Abstract: With the rapid growth of cloud or on-premises storage, widespread networking and other physical devices, and complex IT infrastructure and processes for creating, processing, and storing all forms of electronic data, securing data, particularly in the initial compromise phase, is critical so that a compromise does not translate into a cyber-attack. During the COVID pandemic, when the whole world was working from open networks, data breaches and cyber security issues reached their peak. Intruders move laterally and compromise data intelligently, using techniques such as delaying the attack cycle: the intruder enters the network, gathers information, and then stays away for a couple of days so that the earlier interaction fades. This article describes collaborative pattern analysis and event chaining of compromised data during the reconnaissance phase of the attack chain, which enables deception technology by enhancing predictability and planning so that decoys can be placed in the network dynamically. Deception technology can understand instantaneous data and provide verdicts based on real-time interactions. If suspicious behaviour encountered by the decoys for that instance correlates well with the attack matrix, an alarm is raised and the decoys generate lures that create a false information stream, which leaves attackers exposed while protecting the real enterprise network and assets. However, the current setup cannot track attackers who work from multiple endpoints at the same time or who use data gained from scans to gain access in the future. We propose a new and efficient event chaining-based solution (named DT-Chains) that overcomes the limitations of earlier proposed solutions. As part of this framework, we propose to design and develop a solution that analyses reconnaissance attack data. This newly proposed solution is expected to enable existing deception technology to reduce false positives and to help track attackers who work from multiple endpoints at the same time or who use data gained from scans to gain access in the future. It will also help predict the attack critical path, which enables automated deception triggers for decoys.

Key words: breadcrumbs, decoys, event chaining, artificial intelligence, catastrophic forgetting, cybersecurity, deception technology