To enhance the protection of Navy operations and reinforce resilience of Navys supply chain, Eccalon will develop a Maritime/Nautical Cyber Secure Tool (MCST) to create highly anticipatory and responsive cyber decoys that will collect analytical data to characterize and determine the intent and capabilities of sophisticated attackers. The project will first build realistic and interactive cyber decoys to lure attackers away from high value network components that have store critical data. During the decoys interaction with attackers, the system will collect data on the attackers techniques, behavior, and target data to build a signature set used to characterize the objectives of an attack. Based on this signature set and historical data, Eccalon will use advanced analytics to characterize attack targets, the overall intention of the actors, their organization, and the level of their capabilities.
Benefit: Currently, military and commercial systems contend with numerous of malware developers selling and renting out their malicious tools. Military weapons systems are at risk of zero-day exploits by sophisticated attackers. At the same time, attacks can circumvent legacy detection approaches due to the proliferation of advanced evasion techniques that have been commoditized. Existing cyber defense technologies struggle against the increasing sophistication of attackers. Security layer technologies seek primarily to defend a perimeter, but firewalls and end-point security can never be 100% effective. The wide variety of services and accessible information means it is no longer possible to reliably secure what is now a perimeter-less border. Generally, once inside, attackers can potentially operate for a long time before anyone notices. MCST will use HoneyPots (HPs), which have previously been deployed by defenders and security researchers to conduct surveillance of adversaries attacking their networks. HPs are real systems deployed on a network with the intention of them being attacked. HPs vary in complexity, and some researchers have deployed multiple interacting HPs as part of HoneyNets (HNs). MCST will also use HoneyCreds (HCs), which are user credentials that serve to alert when an adversary is using a credential that they should not have. When this HC is used, a defender is alerted to a malicious actor on their network. One of the major limitations of current Honey Controls (HPs, HNs, and HCs) is that they are static in their design and utilization. The HPs and HNs typically are just deployed and left to wait for an adversary to probe or attack them. MCST will provide operators the capability to create HPs that utilize interactive lures or breadcrumbs. The Honey controls developed using the MCST, unlike typical ones, will interact with each other in a realistic way that most computer or network users would expect which makes them harder to be identified as Honey Controls by more sophisticated attackers. Because of their dynamic nature, the MCST controls will also keep attackers engaged and potentially for future attacks. Eccalon will do this by putting in credentials and mapped drive objects to attract engagement of decoys in the network, in the cloud, and in specialized places like the Internet of Things (IoT), Point of Sale (POS), Industrial Control System (ICS), network and telecommunications environments. The MCST would be able to cover an ever-changing attack surface, attack methods and integrated with other security methods. Adding to the communitys cyber defense arsenal, Eccalon envisions a tool which would combine breadcrumbs placed on real machines that lead to virtual nodes, with zero trust technology, sandboxing, a sophisticated trust and event center, and predictive behavior profiling. Together, this approach forms an integrated system, the MCST, that dramatically increases the resource cost and detectability of a cyber-attack for an adversary, and for the first time, changes the balance of power when responding to a cyber incident.
Keywords: Artificial Intelligence, Artificial Intelligence, cybersecurity, Cyber risk assessment, Machine Learning, Honeypot
