Article type: Research article
Authors
1 PhD student, Imam Hossein Comprehensive University, Tehran, Iran
2 Assistant Professor, Imam Hossein Comprehensive University, Tehran, Iran
Abstract
Keywords
Subjects
Article title [English]
Authors [English]
Today, detecting, tracking, and taking deterrent action against cyber attackers is one of the main challenges in the field of cybersecurity and cyber defense. Traditional attack detection mechanisms, due to their reactive approach to defense and the high rate of false-positive alerts, have complicated the detection process. Various methods have been proposed to address this challenge, and the use of cyber deception traps is one of the effective approaches currently being developed and utilized for targeted and proactive detection of emerging threats. Existing cyber trap solutions, due to their passive structure and one-directional operation, do not lead to deterrence or identification of the origin of the attack.
In this article, an enhanced hybrid trap-network framework called Daloon is proposed. Daloon, through its “Explosive Web Trap” component, enables counterattack and reverse intrusion against trapped attackers and, while identifying and tracking the attacker, provides the capability for punitive action that results in cyber deterrence. Daloon is implemented by designing a fake web trap and simulating the HMI of a SCADA industrial control system and contaminating it with a fake and intentionally crafted code-injection vulnerability as well as several other vulnerabilities. Experimental results show that Daloon performs successfully in detecting and responding to three types of offensive techniques and has successfully carried out reverse intrusion and “counterattack.” The proposed Daloon hybrid trap, with reverse-intrusion capability, leads to the adoption of a proactive cyber defense approach—i.e., defense during the attack—and, in addition to reducing false positives in attack analysis, transforms the one-way process of traditional cyber traps, which are purely defensive and passive, into a two-way process that is offensive and deterrent.
Keywords [English]