As consumers flock toward online shopping, a host of personal information is stored electronically, oftentimes in the cloud. Researchers at the University of Missouri (MU) are continually trying to safeguard this digital trove from malicious attackers. To protect the cloud’s lucrative information, the MU team plans to employ a new strategy that centers on an artificial intelligence (AI) system.
“We are interested in the targeted attacks where the attacker is trying to exploit data or critical infrastructure resources, such as blocking data access, tampering facts, or stealing data,” says Prasad Calyam, associate professor of electrical engineering and computer science and the director of Cyber Education and Research Initiative in the MU College of Engineering. “Attackers are trying to use peoples’ compromised resources to infiltrate their data without their knowledge, and these attacks are becoming increasingly significant because attackers are realizing they can make money in a big way like never before.”
The team narrowed their efforts to two types of attacks:
- Hackers attempting to steal consumer data.
- Hackers attempting to steal resources, such as the digital currency bitcoin.
To combat these devious deeds, the novel MU strategy uses both AI and psychology principles to trick the criminal into thinking the attack worked without a hitch. It bestows a sense of “false hope.”
“Our ‘defense by pretense’ system quarantines the attacker and allows the cloud operators to buy time and build a stronger defense for their systems,” explains Calyam. “The quarantine is a decoy that behaves very similar to the real compromised target to keep the attacker assuming that the attack is still succeeding. In a typical cyberattack, the more deeply attackers go in the system, the more they have the ability to go many directions. It becomes like a Whack-A-Mole game for those defending the system. Our strategy simply changes the game, but makes the attackers think they are being successful.”
The strategy also buys the cloud’s defenders more time to amass a more fortified defensive plan for when the hacker inevitabely returns.
To learn more, check out the study, “Intelligent defense using pretense against targeted attacks in cloud platforms,” published in Future Generation Computer Systems.