Open Access
Machine-oriented biometrics and cocooning for dynamic network defense
Author(s) - Jason J. Haas, Justin Doak, Jason Hamlet
Publication year - 2013
Publication title - OSTI OAI (U.S. Department of Energy Office of Scientific and Technical Information)
Language(s) - English
Resource type - Conference proceedings
DOI - 10.1145/2459976.2460014
Subject(s) - computer science, compromise, computer security, process (computing), intrusion, intrusion detection system, biometrics, duality (order theory), operating system, social science, mathematics, geochemistry, discrete mathematics, sociology, geology
Current cyber defenses result in binary access for attackers who have compromised a host: either the attacker has full access to the machine or the intrusion is detected and the machine is removed from the network. This is the result of an apparent duality when determining if a system is compromised; i.e., either it is or it is not. However, analysts usually make decisions based upon many pieces of data and their own experience, which may lend itself to higher resolution in the decision-making process. We propose using machine-oriented indicators of compromise to trigger progressive, incremental cocooning of a machine by replacing real network services with their emulated counterparts, which are indistinguishable from real services to attackers. The emulated services will be instrumented to gather additional details about an attacker's tools and techniques. Incremental cocooning reduces the effect on normal users' experiences.
