Computer scientists' new tool fools hackers into sharing keys for better cybersecurity

February 27, 2020

Instead of blocking hackers, a new cybersecurity defense approach developed by University of Texas at Dallas computer scientists actually welcomes them.

The method, called DEEP-Dig (DEcEPtion DIGging), ushers intruders into a decoy site so the computer can learn from hackers' tactics. The information is then used to train the computer to recognize and stop future attacks.

UT Dallas researchers presented a paper on their work, "Improving Intrusion Detectors by Crook-Sourcing," at the annual Computer Security Applications Conference in December in Puerto Rico. They presented another paper, "Automating Cyberdeception Evaluation with Deep Learning," in January at the Hawaii International Conference of System Sciences.

DEEP-Dig advances a rapidly growing cybersecurity field known as deception technology, which involves setting traps for hackers. Researchers hope that the approach can be especially useful for defense organizations.

"There are criminals trying to attack our networks all the time, and normally we view that as a negative thing," said Dr. Kevin Hamlen, Eugene McDermott Professor of computer science. "Instead of blocking them, maybe what we could be doing is viewing these attackers as a source of free labor. They're providing us data about what malicious attacks look like. It's a free source of highly prized data."

The approach aims to solve a major challenge to using artificial intelligence for cybersecurity: a shortage of data needed to train computers to detect intruders. The lack of data is due to privacy concerns. Better data will mean better ability to detect attacks, said Gbadebo Ayoade MS'14, PhD'19, who presented the findings at the recent conferences.

"We're using the data from hackers to train the machine to identify an attack," said Ayoade, now a data scientist at Procter & Gamble Co. "We're using deception to get better data."

Hackers typically begin with their simplest tricks and then use increasingly sophisticated tactics, Hamlen said. But most cyberdefense programs try to disrupt intruders before anyone can monitor the intruders' techniques. DEEP-Dig will give researchers a window into hackers' methods as they enter a decoy site stocked with disinformation. The decoy site looks legitimate to intruders, said Dr. Latifur Khan, professor of computer science at UT Dallas.

"Attackers will feel they're successful," Khan said.

Governmental agencies, businesses, nonprofits and individuals face a constant threat from cyberattacks, which cost the U.S. economy more than $57 billion in 2016, according to a report to the White House from the Council of Economic Advisers.

As hackers' tactics change, DEEP-Dig could help cybersecurity defense systems keep up with their new tricks.

"It's an endless game," Khan said.

While DEEP-Dig aims to outsmart hackers, is it possible that hackers could have the last laugh if they realize they have entered a decoy site and try to deceive the program?

Maybe, Hamlen said. But that possibility does not worry him.

"So far, we've found this doesn't work. When an attacker tries to play along, the defense system just learns how hackers try to hide their tracks," Hamlen said. "It's an all-win situation -- for us, that is."
Other researchers involved in the work included Frederico Araujo PhD'16, research scientist at IBM's Thomas J. Watson Research Center; Khaled Al-Naami PhD'17; Yang Gao, a UT Dallas computer science graduate student; and Dr. Ahmad Mustafa of Jordan University of Science and Technology.

The research was supported in part by the Office of Naval Research, the National Security Agency, the National Science Foundation and the Air Force Office of Scientific Research.

University of Texas at Dallas

Related Data Articles from Brightsurf:

Keep the data coming
A continuous data supply ensures data-intensive simulations can run at maximum speed.

Astronomers are bulging with data
For the first time, over 250 million stars in our galaxy's bulge have been surveyed in near-ultraviolet, optical, and near-infrared light, opening the door for astronomers to reexamine key questions about the Milky Way's formation and history.

Novel method for measuring spatial dependencies turns less data into more data
Researcher makes 'little data' act big through, the application of mathematical techniques normally used for time-series, to spatial processes.

Ups and downs in COVID-19 data may be caused by data reporting practices
As data accumulates on COVID-19 cases and deaths, researchers have observed patterns of peaks and valleys that repeat on a near-weekly basis.

Data centers use less energy than you think
Using the most detailed model to date of global data center energy use, researchers found that massive efficiency gains by data centers have kept energy use roughly flat over the past decade.

Storing data in music
Researchers at ETH Zurich have developed a technique for embedding data in music and transmitting it to a smartphone.

Life data economics: calling for new models to assess the value of human data
After the collapse of the blockchain bubble a number of research organisations are developing platforms to enable individual ownership of life data and establish the data valuation and pricing models.

Geoscience data group urges all scientific disciplines to make data open and accessible
Institutions, science funders, data repositories, publishers, researchers and scientific societies from all scientific disciplines must work together to ensure all scientific data are easy to find, access and use, according to a new commentary in Nature by members of the Enabling FAIR Data Steering Committee.

Democratizing data science
MIT researchers are hoping to advance the democratization of data science with a new tool for nonstatisticians that automatically generates models for analyzing raw data.

Getting the most out of atmospheric data analysis
An international team including researchers from Kanazawa University used a new approach to analyze an atmospheric data set spanning 18 years for the investigation of new-particle formation.

Read More: Data News and Data Current Events is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to