Perry: A High-level Framework for Accelerating Cyber Deception Experimentation
Brian Singer, Yusuf Saquib, Lujo Bauer, Vyas Sekar

TL;DR
Perry is a high-level framework designed to simplify and accelerate the experimentation and evaluation of cyber deception strategies in realistic network environments, addressing current tool limitations.
Contribution
It introduces a novel high-level abstraction layer and modular components for designing, translating, and reasoning about deception scenarios, making experimentation more accessible and flexible.
Findings
Enabled emulation of 55 deception scenarios
Reduced implementation effort for deception experiments
Provided insights into deception tradeoffs
Abstract
Cyber deception aims to distract, delay, and detect network attackers with fake assets such as honeypots, decoy credentials, or decoy files. However, today, it is difficult for operators to experiment, explore, and evaluate deception approaches. Existing tools and platforms have non-portable and complex implementations that are difficult to modify and extend. We address this pain point by introducing Perry, a high-level framework that accelerates the design and exploration of deception what-if scenarios. Perry has two components: a high-level abstraction layer for security operators to specify attackers and deception strategies, and an experimentation module to run these attackers and defenders in realistic emulated networks. To translate these high-level specifications, we design four key modules for Perry: 1) an action planner that translates high-level actions into low-level…
