Articles / CyberSecurity

Spoofing the Spoofers

Credit: Bankinfosecurity.com

Spoofing the Spoofers
Communications of the ACM, November 10, 2020
Commissioned by CACM Staff
ACM News
By Joe Dysart

“Essentially, the software enables a security professional or system administrator to study and react to, hacker activity with much greater sophistication…”

 

Researchers at various universities have come up with cybersecurity software that tricks hackers into revealing the tactics they use to penetrate and control computer systems. Instead of blocking hackers, the software ingeniously invites hackers in, routes them to a decoy Web site or network, and then studies their behavior as they reveal their nefarious methods.

 

For example, the DEEP-Dig ((DEcEPtion DIGging) software transforms hackers into “a source of free labor,” says Kevin Hamlen, a member of the research team and Eugene McDermott Professor of Computer Science professor at the University of Texas at Dallas.

 

The ploy of using decoy Web sites and decoy networks to trick hackers has been in use by security administrators since around the turn of the century, according to Richard Forno, a senior lecturer in the department of computer science and electrical engineering of the University of Maryland, Baltimore County (UMBC), and assistant director of the UMBC Center for Cybersecurity.

 

Approaches to the security deception method vary, but the principle behind them remains the same: enable a hacker to penetrate your network, then trick him or her into thinking they are working with your actual network or data when in fact they are really working with a dummy network or dummy data.

 

Often, security deception software creates emulations of the inner workings of entire networks or Web sites in an attempt to fool hackers.

 

The difference with DEEP-Dig’s approach to this principle is that it’s powered by a deep neural network. Essentially, the software enables a security professional or system administrator to study and react to, hacker activity with much greater sophistication, according to Reza Curtmola, a professor of computer science in the New Jersey Institute of Technology who specializes in cybersecurity.

Perhaps security deception software’s greatest potential pitfall is that no amount of AI-powered trickery will safeguard an organization if a network administrator fails to meet the basic requirements of cybersecurity…

Read the Full Article »

About the Author:

Joe Dysart is an Internet speaker and business consultant based in Manhattan, NY, USA.

 

Related Posts

Colorful blue and yellow graphic with two abstract whales - Illustration: Agnes Jonas

How to Use AI to Talk to Whales—and Save Life on Earth

Soldier holding a drone with blue and yellow overlays - Photograph: Getty Images

Everyone Wants Ukraine’s Battlefield Data

Conceptual AI illustration - Illustration: James Marshall

The AI Detection Arms Race Is On

Hand on knob of CO2 scale

The Carbon Footprint of Artificial Intelligence

A collage of portraits of the 8 authors of the Transformers paper - ILLUSTRATION: MAGDA ANTONIUK

8 Google Employees Invented Modern AI. Here’s the Inside Story

Ilya Sutskever Sam Altman Mira Murati and Greg Brockman of OpenAI - Photograph: Jessica Chou

What OpenAI Really Wants