Role-Based Deception in Enterprise Networks
Iffat Anjum, Mu Zhu, Isaac Polinsky, William Enck, Michael K. Reiter, Munindar Singh

TL;DR
This paper introduces HoneyRoles, a role-based deception technique using honey connections in enterprise networks to mislead attackers and detect compromises, enhancing network security with minimal performance impact.
Contribution
The paper presents HoneyRoles, a novel role-based deception method employing honey connections and network canaries, implemented via SDN, to detect and dissuade adversaries in enterprise networks.
Findings
HoneyRoles effectively deceives attackers targeting high-value hosts.
The implementation incurs minimal network request delays.
HoneyRoles can quickly identify compromised switches with high probability.
Abstract
Historically, enterprise network reconnaissance is an active process, often involving port scanning. However, as routers and switches become more complex, they also become more susceptible to compromise. From this vantage point, an attacker can passively identify high-value hosts such as the workstations of IT administrators, C-suite executives, and finance personnel. The goal of this paper is to develop a technique to deceive and dissuade such adversaries. We propose HoneyRoles, which uses honey connections to build metaphorical haystacks around the network traffic of client hosts belonging to high-value organizational roles. The honey connections also act as network canaries to signal network compromise, thereby dissuading the adversary from acting on information observed in network flows. We design a prototype implementation of HoneyRoles using an OpenFlow SDN controller and evaluate…
