Software deception steering through version emulation

Frederico Araujo, Sailik Sengupta, Jiyong Jang, Adam Doupé, Kevin W. Hamlen, Subbarao Kambhampati

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations


Determined cyber adversaries often strategize their attacks by carefully selecting high-value target machines that host insecure (e.g., unpatched) legacy software. In this paper, we propose a moving-target approach to thwart and countersurveil such adversaries, wherein live (non-decoy) enterprise software services are automatically modified to deceptively emulate vulnerable legacy versions that entice attackers. A game-theoretic framework chooses which emulated software stacks, versions, configurations, and vulnerabilities yield the best defensive payoffs and most useful threat data given a specific attack model. The results show that effective movement strategies can be computed to account for pragmatic aspects of deception, such as the utility of various intelligence-gathering actions, impact of vulnerabilities, performance costs of patch deployment, complexity of exploits, and attacker profile.

Original language: English (US)
Title of host publication: Proceedings of the 54th Annual Hawaii International Conference on System Sciences, HICSS 2021
Editors: Tung X. Bui
Publisher: IEEE Computer Society
Number of pages: 10
ISBN (Electronic): 9780998133140
State: Published - 2021
Event: 54th Annual Hawaii International Conference on System Sciences, HICSS 2021 - Virtual, Online
Duration: Jan 4 2021 → Jan 8 2021

Publication series

Name: Proceedings of the Annual Hawaii International Conference on System Sciences
ISSN (Print): 1530-1605


Conference: 54th Annual Hawaii International Conference on System Sciences, HICSS 2021
City: Virtual, Online

ASJC Scopus subject areas

  • Engineering(all)

