Principle and method of deception systems synthesizing for malware and computer attacks detection

Antonina Kashtalian, Sergii Lysenko, Bohdan Savenko, Tomáš Sochor, Tetiana Kysil

Abstract


The number of different types of malware and computer attacks, and the actual number of such attacks, is constantly increasing. Therefore, detecting and counteracting malware and computer attacks remains a pressing issue. Users of corporate networks suffer the greatest damage. Many effective tools of various kinds have been developed to detect and counteract these threats. However, the rapid development of new malware and the diversity of computer attacks force the developers of detection and countermeasure tools to constantly improve them and create new ones. The object of research in this paper is deception systems. The task of this study is to develop elements of the theory and practice of creating such systems. Deception systems occupy a special place among the means of detecting and counteracting malware and computer attacks. These systems confuse attackers, but they also require constant changes and updates, because the peculiarities of their functioning become known to attackers over time. Therefore, the problem of creating deception systems whose functioning remains incomprehensible to attackers is relevant. To solve this problem, we propose a new principle for synthesizing such systems. Because such systems are formed from the computer stations of a corporate network, the system is positioned as a multi-computer system. The system uses combined baits and traps to create false attack targets. All components of such a system form a shadow computer network. This study develops a principle for synthesizing multi-computer systems with combined baits and traps and a decision-making controller for detecting and counteracting malware and computer attacks. The principle is based on the presence of a controller for the decisions made in the system and the use of specialized functionality for detection and counteraction.
According to the developed principle of synthesizing such systems, this paper identifies a subset of deception systems that must have a controller and specialized functionality. The decision-making controller in the system is separate from the decision-making center. Its task is to choose among the options for the system's next steps, which are formed in the center of the system, depending on the recurrence of events. Prolonged recurrence of external events requires the system center to form a sequence of next steps. If these steps are repeated, the attacker has the opportunity to study the functioning of the system. The controller therefore chooses different answers from the set of possible answers for the same repeated suspicious events. Thus, an attacker investigating a corporate network receives different answers to the same queries. Specialized functionality, in accordance with the principle of synthesis of such systems, is implemented in the system architecture. It changes the system architecture during operation in response to internal and external influences. This paper also considers a possible variant of the architecture of such deception systems, in particular the architecture of a system with partial centralization. To synthesize such systems, a new method for synthesizing partially centralized systems for detecting malware in computer environments has been developed, based on analytical expressions that determine the security state of such systems and their components. In addition, the experiments showed that the loss of 10-20% of the components does not affect the performance of the task. The results of the experiments were processed using ROC analysis and the algorithm for constructing the ROC curve. The results of the experiments made it possible to determine the degree of degradation of the systems constructed in this manner.
Conclusions. This paper presents a new principle for synthesizing multi-computer systems with combined baits and traps and a decision-making controller for detecting and counteracting malware and computer attacks, as well as methods for synthesizing partially centralized systems for detecting malware in computer networks.
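The controller-versus-center separation described in the abstract, as an added illustration that is not code from the paper: the center forms the admissible option set for a suspicious event, and a separate controller chooses among them so that a repeated identical probe never receives the same answer twice in a row. The class names, event fields and the option catalogue are assumptions made for this example.

```python
import random
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class SuspiciousEvent:
    """A probe seen by a bait or trap in the shadow network (constructed type)."""
    source: str   # origin of the probe
    target: str   # bait or trap that received it
    query: str    # what was asked of the target

    def signature(self) -> tuple:
        # Identical source/target/query triples count as recurrences of one event.
        return (self.source, self.target, self.query)

class DecisionCenter:
    """Forms the admissible next-step options for an event; it does not pick one."""
    CATALOGUE = {  # hypothetical option sets, not taken from the paper
        "list-shares": ["shares: finance, hr", "shares: backup", "access denied", "timeout"],
        "banner": ["SSH-2.0-OpenSSH_7.4", "SSH-2.0-OpenSSH_8.9", "no banner"],
    }

    def options_for(self, event: SuspiciousEvent) -> list:
        return list(self.CATALOGUE.get(event.query, ["no response"]))

class DecisionController:
    """Picks among the center's options so a recurring event never gets the same answer twice in a row."""
    def __init__(self, center: DecisionCenter, rng=None):
        self.center = center
        self.rng = rng or random.SystemRandom()   # unpredictable choices by default
        self.pending = defaultdict(list)          # signature -> options unused in this cycle
        self.last = {}                            # signature -> last answer given

    def respond(self, event: SuspiciousEvent) -> str:
        sig = event.signature()
        if not self.pending[sig]:
            cycle = self.center.options_for(event)
            self.rng.shuffle(cycle)
            # Do not open the new cycle with the answer that closed the previous one.
            if len(cycle) > 1 and cycle[0] == self.last.get(sig):
                cycle.append(cycle.pop(0))
            self.pending[sig] = cycle
        answer = self.pending[sig].pop(0)
        self.last[sig] = answer
        return answer

def make_controller(seed=None) -> DecisionController:
    # A seed makes the choices reproducible for demonstration; omit it in practice.
    return DecisionController(DecisionCenter(), random.Random(seed) if seed is not None else None)
```

Each cycle exhausts every option before any reappears, so an attacker replaying the same query sees the full spread of answers rather than one stable fingerprint.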

Keywords


deception systems; deception systems synthesizing; principle of systems synthesis; controller; distributed systems; honeynet; trap; baits; malware detection; partial centralization


DOI: https://doi.org/10.32620/reks.2023.4.10
