Jie Fu Uses Deception and Counter Deception to Protect Cyber Systems

Dr. Jie Fu

ECE Assistant Professor Jie Fu has received $390k of funding from the Army Research Office (ARO), a directorate of the U.S. Army Combat Capabilities Development Command Army Research Laboratory, in support of her project, “Verification and Synthesis of Assured Dynamic Cyber Defense with Deception and Counter Deception.” This work aims to develop methods to verify cyber network security using dynamic network security protocols and to design cyber security protocols and systems that use deception, such as allocating honeypots, honey files, and honey networks.

Honeypots, Uncertainty, and Deception

Consider the following scenario. An attacker (via a phishing attack) infiltrates a web server. The attacker is granted admin privileges, eventually is able to reveal the database credentials, and subsequently can take over the site. To mitigate such an attack proactively, the defender can use a honeypot: data that appears to be a legitimate part of the site but is in reality an isolated and monitored area capable of tracking or analyzing the attacker. The attempted attack will be detected, but the attacker will not be aware of the detection. Using network switching, the defender redirects the attacker into a safe clone of the data server (a honey server) and uses monitoring to learn the attacker’s intention. Think of it like a sting operation, but with servers.

This type of dynamic system-wide defense can be effective, but it comes at a cost: performance, user experience, and maintenance efforts are all affected. The goal would be to utilize these dynamic defenses (cyber deception, decoys, distraction, increasing complexity for the attacker) while at the same time increasing the efficiency with which these defenses are deployed. Dr. Fu’s research uses a formal methods approach as well as game theory to create models of cyber systems, simulate attacks, and analyze the results.

Dr. Fu’s work has three fundamental aims: first, developing novel algorithms for verifying and synthesizing proactive defense systems; second, developing active cyber defense strategies with novel deception mechanisms; and third, developing effective dynamic defense strategies against learning-based attacks.

Impact

The immediate impact of the work would be the creation of strategies and systems which would generalize and scale up to network security applications. Incorporating robust, effective, and efficient strategies, including deception and counter-deception, would enhance and secure sensitive and critical cyber infrastructure.