OSINT-Based LPC-MTD and HS-Decoy for Organizational Defensive Deception

This study aimed to alleviate the theoretical limitations of existing moving target defense (MTD) and decoy concepts and improve the efficiency of defensive deception technology within an organization. We present the concept of an open-source intelligence (OSINT)-based hierarchical social engineerin...

Bibliographic Details
Main Authors: Sang Seo, Dohoon Kim
Format: Article
Language: English
Published: MDPI AG 2021-04-01
Series: Applied Sciences
Subjects: cyber deception; moving target defense; decoy; open-source intelligence; social engineering
Online Access: https://www.mdpi.com/2076-3417/11/8/3402
id doaj-6cd2a309b3694876b851c39371fa0fc8
record_format Article
timestamp 2021-04-10T23:01:55Z
collection DOAJ
sources DOAJ
language English
format Article
title OSINT-Based LPC-MTD and HS-Decoy for Organizational Defensive Deception
author Sang Seo
Dohoon Kim
affiliation Department of Computer Science, Kyonggi University, Suwon-si, Gyeonggi-do 16227, Korea (both authors)
publisher MDPI AG
series Applied Sciences
issn 2076-3417
publishDate 2021-04-01
citation Applied Sciences 11, 3402
doi 10.3390/app11083402
description This study aimed to alleviate the theoretical limitations of existing moving target defense (MTD) and decoy concepts and improve the efficiency of defensive deception technology within an organization. We present the concept of an open-source intelligence (OSINT)-based hierarchical social engineering decoy (HS-Decoy) strategy while considering the actual fingerprint of each organization. In addition, we propose a loosely proactive control-based MTD strategy that is based on the intended competitive exposure of OSINT between defenders and attackers. Existing MTDs and decoys are biased toward proactive prevention, in that they only perform structural mutation-based attack avoidance or induce static traps. They also have practical limitations, e.g., they do not consider security characterization of each organizational social engineering attack and related utilization plans, no quantitative deception modeling is performed for the attenuation of the attack surface through exposure to OSINT, and there is no operational plan for optimal MTD and decoy application within the organization. Through the applied deception concepts proposed here, the total attack efficiency was reduced by 287% compared to the existing MTD and decoys, while the artificial deception efficiency dominated by defenders was improved by 382%. In addition, the increase rate of deception overhead was also reduced by 174%, and an optimized deceptive trade-off was also presented. In order to enable an organization to utilize the OSINT concept, statistical error reduction, and MTD mutation cycle-based deceptive selectivity, it was introduced as a loose adaptive mutation rather than a preferential avoidance strategy, and an organization-specific optimization direction was introduced through a combination of HS-Decoy and LPC-MTD. In the future, in order to improve the operational reliability of the HS-Decoy and LPC-MTD-based combined model and standardize threat information for each organization, we intend to advance it into an international standard-based complex architecture and characterize it as game theory.
topic cyber deception
moving target defense
decoy
open-source intelligence
social engineering
url https://www.mdpi.com/2076-3417/11/8/3402