METHOD OF ORGANIZING THE FUNCTIONING OF DECEPTIVE SYSTEMS WITH BAITS AND TRAPS IN CORPORATE NETWORKS
DOI:
https://doi.org/10.31891/2307-5732-2025-359-135
Keywords:
corporate networks, computer stations, fraud systems, population algorithms, moth and flame algorithm, discrete optimization, trap, lure, malicious software, computer attacks, systems architecture
Abstract
This work develops and substantiates a method of organizing the functioning of deception systems with integrated baits and traps in corporate networks. The proposed approach aims to increase the resistance of corporate infrastructure to complex attacks, including dual-target attacks in which attackers combine intelligence gathering with direct influence on network resources. The essence of the method is that the baits and traps within a deception system operate dynamically and can adapt to the behavior of a potential violator. For this purpose, population algorithms are used that can make real-time decisions about automatically blocking or activating servers and workstations, as well as the appropriate traps or baits, at the moment suspicious actions are detected in the corporate environment. This approach significantly complicates attackers' analysis of the environment, makes it impossible to predict the behavior of the elements of the deception system, and increases the chance of leading attackers down the wrong route.
Special attention is paid to applying the "moth and flame" algorithm in the architecture of deception systems as a mechanism for choosing the optimal next steps in the response process. Using this algorithm avoids exhaustive enumeration of options, ensures quick convergence of decisions under ongoing influences, and guarantees a flexible change in the sequence of actions depending on actual changes in the corporate network. In addition, it makes it possible to take into account attackers' potential to carry out dual-target cyber attacks, adapting the behavior of the system to the level of the threat. The result is a more resilient, more intelligent and less predictable defense architecture that can counter modern cyber threats more effectively.
The detailed design of the architecture of deception systems, the optimization of their placement in corporate networks, and the improvement of mechanisms of interaction between deception components, decoys, and traps to increase the overall level of cyber protection are identified as promising directions for further research.
License
Copyright (c) 2025 АНДРІЙ ДРОЗД (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.