Instead of blocking hackers, the researchers have created a new cybersecurity defence approach, which involves setting traps for hackers. The method, called DEEP-Dig (DEcEPtion DIGging), ushers intruders into a decoy site so the computer can learn from hackers’ tactics. The information is then used to train the computer to recognise and stop future attacks.
DEEP-Dig advances a rapidly growing cybersecurity field known as deception technology, which involves setting traps for hackers.
“There are criminals trying to attack our networks all the time, and normally we view that as a negative thing, instead of blocking them, maybe what we could be doing is viewing these attackers as a source of free labour,” said study researcher Kevin Hamlen from University of Texas in Dallas, US.
“They’re providing us data about what malicious attacks look like. It’s a free source of highly prised data,” Hamlen added.
The approach aims to solve a major challenge to using artificial intelligence (AI) for cybersecurity: a shortage of data needed to train computers to detect intruders. The lack of data is due to privacy concerns. Better data will mean better ability to detect attacks, the researchers said.
“We’re using the data from hackers to train the machine to identify an attack, we’re using deception to get better data,” said study researcher Gbadebo Ayoade.
Hackers typically begin with their simplest tricks and then use increasingly sophisticated tactics, the researchers said.
But most cyberdefense programmes try to disrupt intruders before anyone can monitor the intruders’ techniques. DEEP-Dig will give researchers a window into hackers’ methods as they enter a decoy site stocked with disinformation.
The decoy site looks legitimate to intruders and attackers will feel they’re successful, said study researcher Latifur Khan.
As hackers’ tactics change, DEEP-Dig could help cybersecurity defence systems keep up with their new tricks. According to the researchers, while DEEP-Dig aims to outsmart hackers, it might be possible that hackers could have the last laugh if they realise they have entered a decoy site and try to deceive the programme.
“So far, we’ve found this doesn’t work. When an attacker tries to play along, the defence system just learns how hackers try to hide their tracks, it’s an all-win situation — for us, that is,” Hamlen said.
The study was presented at the annual Computer Security Applications Conference in December in Puerto Rico.