Moving Target Defense and Cyber Deception emerged in recent years as two key proactive cyber defense approaches, contrasting with the static nature of the traditional reactive cyber defense. The key insight behind these approaches is to impose an asymmetric disadvantage for the attacker by using deception and randomization techniques to create a dynamic attack surface. Moving Target Defense typically relies on system randomization and diversification, while Cyber Deception is based on decoy nodes and fake systems to deceive attackers. However, current Moving Target Defense techniques are complex to manage and can introduce high overheads, while Cyber Deception nodes are easily recognized and avoided by adversaries. This paper presents DOLOS, a novel architecture that unifies Cyber Deception and Moving Target Defense approaches. DOLOS is motivated by the insight that deceptive techniques are much more powerful when integrated into production systems rather than deployed alongside them. DOLOS combines typical Moving Target Defense techniques, such as randomization, diversity, and redundancy, with cyber deception and seamlessly integrates them into production systems through multiple layers of isolation. We extensively evaluate DOLOS against a wide range of attackers, ranging from automated malware to professional penetration testers, and show that DOLOS is highly effective in slowing down attacks and protecting the integrity of production systems. We also provide valuable insights and considerations for the future development of MTD techniques based on our findings.
翻译:近些年来,移动目标防御和网络欺骗出现了两种关键的主动式网络防御方法,与传统的被动式网络防御的静态性质形成对比。这些方法的关键洞察力是通过欺骗和随机化技术制造动态攻击表面,给攻击者造成不对称的不利条件。移动目标防御通常依靠系统随机化和多样化,而网络欺骗则以诱饵节点和欺骗攻击者假系统为基础。然而,当前的移动目标防御技术复杂,可以管理并引入高顶部,而网络欺骗节点很容易被对手识别和避免。本文展示了DOLS,这是一个整合网络欺骗和移动目标防御方法的新结构。DOLS的动机是:欺骗性技术在融入生产系统而不是同时部署时更强大得多。DOLS将典型的移动目标防御技术(如随机化、多样性和冗余力)结合起来,同时通过多层隔离将这些技术顺利地融入生产系统。我们广泛评估了DOLS,从自动恶意渗透测试者到专业测试者,以及移动目标防御方法的移动。DLOS的动力是源于这样的洞察力,并且显示DLS(WLS)也非常有效地保护了我们的攻击和DDDDDD的发现。</s>