Date: May 15, 2013 Author: Vik Patel Source: 2013 SBIR National Conference
IP-based private computer networks in government, defense, industry, and homes are increasingly under attack, and new methods are needed to protect critical information, especially after attackers have broken through firewalls and host-based security systems. Virtual decoys and deception are a new thrust in cyber security.
There are roughly three primary phases to a successful intrusion: gaining access, performing reconnaissance, and exploitation. While the first and third phases have received significant defensive research attention, the middle step of reconnaissance has not. During reconnaissance, the attacker tries to determine the network size, the network services, the versions of software, the types of operating systems, the identity of critical nodes such as routers, gateways, and servers, and other network attributes. The attacker uses this information to mount an effective exploit.
The Network Obfuscation and Virtualized Anti-reconnaissance system (Nova) is a distributed system of independent, lightweight, scalable, passive, autonomous software agents that serve as honeypots for attackers and prevent reconnaissance from being successful. Nova complements normal intrusion detection systems.