A Framework for Studying Autonomic Computing Models in Cyber Deception

2020 
Cyber deception has emerged as a promising approach to increase the amount of effort required to conduct an attack campaign. Since the beginning of deception, several honey-based technologies have been built to defend individual portions of a network attack surface. Different honey-based technologies can be combined to further increase attackers’ cost and elicit behaviors from them that facilitate understanding their intentions and capabilities. Combining different deceptive elements would create a deceptive network surface. As attackers vary in their intentions and capabilities, presenting them with a one-size-fits-all deceptive network surface is inadequate. Therefore, there is a clear need for dynamic deceptive network surfaces that are tailored to protect against different adversary classes. In a resource-constrained environment, enabling large-scale monitoring, data processing, and deception planning, and subsequently deploying a customized deceptive network surface in real time, will be challenging if done manually. We envision that models inspired by the autonomic computing paradigm can efficiently tackle such challenges. To enable the development of such models and provide empirical evidence to validate their efficacy, in this chapter we present a framework that can act as a common platform to study different autonomic computing models. The framework is built on top of an existing deception platform called ACyDS. We describe the current platform and enumerate its capabilities, such as sensing the environment and generating deceptive network surfaces. We also show how a well-known autonomic computing architecture called MAPE-K can be realized through our framework.