As we become more reliant on resilient networks, it is increasingly imperative for cybersecurity researchers and professionals to refine their techniques against malicious attacks. Within the realm of network security, cyber deception emerges as a promising defensive technique to leverage the asymmetry between attackers and defenders. However, the lack of a standardized evaluation method makes evaluating the efficacy of deception techniques an arduous task. In this master's thesis, we present PERRY: a realistic, extensible, and automated platform that aims to evaluate the efficacy of various deception techniques via emulation and allows the user fine-grained control over all aspects of the platform.

We demonstrate the effectiveness of PERRY by using it to evaluate several defender profiles against an emulated attacker, running hundreds of trials and comparing the results. We found that allowing a defender to deploy deception techniques in addition to equipping it with telemetry prevents an attacker from completely succeeding in its goals over 80% of the time. Furthermore, employing smarter defender strategies that dynamically adapt to the attacker's actions allows the defender to prevent the attacker from completely succeeding in its goals nearly 95% of the time. Taking advantage of our platform's foundation, future researchers can build upon PERRY and extend it to realistically evaluate other deception techniques against various attackers and in a broad range of scenarios.

41 pages

Thesis Committee:
Vyas Sekar (Chair)
Lujo Bauer

Srinivasan Seshan, Head, Computer Science Department
Martial Hebert, Dean, School of Computer Science

Return to: SCS Technical Report Collection
School of Computer Science

This page maintained by reports@cs.cmu.edu