Skip to main content

Role-Based Deception in Enterprise Networks

Publication ,  Conference
Anjum, I; Zhu, M; Polinsky, I; Enck, W; Reiter, MK; Singh, MP
Published in: CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy
April 26, 2021

Historically, enterprise network reconnaissance is an active process, often involving port scanning. However, as routers and switches become more complex, they also become more susceptible to compromise. From this vantage point, an attacker can passively identify high-value hosts such as the workstations of IT administrators, C-suite executives, and finance personnel. The goal of this paper is to develop a technique to deceive and dissuade such adversaries. We propose HoneyRoles, which uses honey connections to build metaphorical haystacks around the network traffic of client hosts belonging to high-value organizational roles. The honey connections also act as network canaries to signal network compromise, thereby dissuading the adversary from acting on information observed in network flows. We design a prototype implementation of HoneyRoles an OpenFlow SDN controller and evaluate its security using the PRISM probabilistic model checker. Our performance evaluation shows that HoneyRoles has a small effect on network request completion time, and security analysis demonstrates that once an alert is raised, HoneyRoles can quickly identify the compromised switch with high probability. In doing so, we show that role-based network deception is a promising approach for defending against adversaries in compromised network devices.

Duke Scholars

Published In

CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy

DOI

Publication Date

April 26, 2021

Start / End Page

65 / 76
 

Citation

APA
Chicago
ICMJE
MLA
NLM
Anjum, I., Zhu, M., Polinsky, I., Enck, W., Reiter, M. K., & Singh, M. P. (2021). Role-Based Deception in Enterprise Networks. In CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy (pp. 65–76). https://doi.org/10.1145/3422337.3447824
Anjum, I., M. Zhu, I. Polinsky, W. Enck, M. K. Reiter, and M. P. Singh. “Role-Based Deception in Enterprise Networks.” In CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy, 65–76, 2021. https://doi.org/10.1145/3422337.3447824.
Anjum I, Zhu M, Polinsky I, Enck W, Reiter MK, Singh MP. Role-Based Deception in Enterprise Networks. In: CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy. 2021. p. 65–76.
Anjum, I., et al. “Role-Based Deception in Enterprise Networks.” CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy, 2021, pp. 65–76. Scopus, doi:10.1145/3422337.3447824.
Anjum I, Zhu M, Polinsky I, Enck W, Reiter MK, Singh MP. Role-Based Deception in Enterprise Networks. CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy. 2021. p. 65–76.

Published In

CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy

DOI

Publication Date

April 26, 2021

Start / End Page

65 / 76