Deception-NET: Build Your Own Deception
Traditional, reactive defense mechanisms for cloud applications, such as signature-based detection (IDS/IPS), vulnerability scanning and software patching, are not useful on their own against an intelligent adversary. Reactive security can be bypassed by using variants of known attacks, fragmentation of network traffic, etc. Our framework, "Deception-NET", uses an intelligent learning approach: it collects network flows, host and access logs, and IDS alerts to train a model that can detect different variants of attacks. A game-theoretic decision is then used to deceive adversaries, within a situation-aware game-theoretic framework. The deception redirects persistent adversaries into accessing fake web applications, cryptographic keys and dummy documents. We showcase how cybersecurity practitioners and researchers can set up such a training environment using lightweight and modular services such as Docker ELK, vulnerable Docker containers, and Docker honeypots. In effect, small-scale security providers will benefit by setting up a modular on-premise deception network instead of using third-party services.
Ankur Chowdhary, PhD Candidate, Arizona State University
Ankur Chowdhary is a PhD Candidate at ASU and coach for ASU's National Cybersecurity Defense Competition (NCCDC) team. Ankur is co-founder and CEO of the cybersecurity startup CyNET LLC. He also co-founded DevilSec, a hacking club at ASU aimed at teaching offensive and defensive security. He is interested in advancing cybersecurity through a multi-disciplinary approach: Artificial Intelligence, Machine Learning, and Game Theory. Ankur has co-authored one cybersecurity textbook, "Software-Defined Networking and Security: From Theory to Practice", and 24 peer-reviewed research papers in the field of cybersecurity. In the past, Ankur has worked for Blackberry Ltd. as a Security Research Intern (2016), as an InfoSec Intern at RSG (2015), and as a Software Engineer at CSC (2011-13). He received his MS in CSE from ASU in 2015 with a specialization in Cybersecurity, and his B.Tech in IT from GGSIPU in 2011. Details of his research and current activities can be found at his website https://www.public.asu.edu/~achaud16/.