Deflecting Hacker’s Attack Seems Possible by Establishing a Decoy Network

Printer-friendly versionSend by emailPDF version

It seems impossible to witness computer networks floating like a butterfly, but the scientists from Penn State suggest that generating nimble networks that can intellect jabs from hackers could help deflect the stinging volumes of such attacks. 

“It is because of the stable characteristic of a computer network that offers advantage to the hacker,” says Dinghao Wu, an assistant lecturer of technology and information sciences. “Hackers can spend months or years to study the network and identify vulnerabilities. When they come to use that information for attacking, the network usually has not altered and such vulnerabilities are still present.”

The scientists created a computer protection system that can sense possible volume of malicious probes of the network and then redirects that attack to a real-time network that offers less information about the virtual network. The very first step a hacker takes when confronting a network is an analysis to gain data about the system like the types of software and their versions, hardware network, operating systems and more. Rather than trying to combat such hacker’s scans, scientists organize a detector to supervise incoming web traffic to identify when hackers are examining the network.

“It is not realistic to stop all scanning procedures, but it is possible to inform when a malicious scan is occurring,” says Wu. “If it is a big scale scan, then typically it is malicious.” According to Li Wang, a doctoral student in technology and information sciences, once a malicious scan is identified, the scientists utilize a network device known as reflector for redirecting the traffic to a shade or protective network.

“A basic strategy would be to generate a shadow network environment that has the same appearance as the protection domain,” says Wang. “It can offer similar number of nodes, configurations and network topology to fool the hackers. Such shadow networks can be generated to boost complex network structures.”

The system, that is a sort of defence known in the computer arena as a motion target defence, also offers network administrators the option to conveniently alter parts of the virtual system of shadow network, making it more troubling for hackers to analyse the success of their scans.

Since the reflector can function as a common network gadget when no hazardous attacks are created, there must be a small effect on the performance and functionality of virtual network, according to Wu.

The scientists generated a prototype for the system and analysed it on an augmented network that operated on a computer – a real-time local area network. This enabled them to augment both the defence and attack without typically utilizing an actual network. As a result, the prototype was able to identify the incoming scan and refract it to a shadow network.

As per the researchers, the information and statistics that was captured from the attack scan had just helped to produce information from the shadow network. According to Wu, the next step would be to deploy the system in a virtual network. The study has been supported by the Penn State Fund for Innovation, Office of Naval Research and National Science Foundation.