SBIR-STTR Award

Deception Studio: Attacker Characterization and Dynamic Relocation
Award last edited on: 2/4/2013

Sponsored Program
SBIR
Awarding Agency
DOD : OSD
Total Award Amount
$845,480
Award Phase
2
Solicitation Topic Code
OSD09-IA3
Principal Investigator
Cody Buntain

Company Information

Pikewerks Corporation

105 A Church Street
Madison, AL 35758
   (703) 969-6404
   info@pikewerks.com
   www.pikewerks.com
Location: Multiple
Congr. District: 05
County: Madison

Phase I

Contract Number: ----------
Start Date: ----    Completed: ----
Phase I year
2010
Phase I Amount
$99,961
One of the most significant weaknesses facing modern software protection solutions is the reliance on static policies and rule sets that are established based on “known” attack methods at the time of development. In reality, attacks are not static; they adapt over time and evolve to defeat protections as they are made public. Pikewerks proposes to address both of these weaknesses by developing a system, referred to as Deception Studio, that characterizes and appropriately reacts to attackers in real time. As has been successfully implemented in traditional warfare, it will strive to shape the attacker’s perception and create an illusion capable of manipulating their planning process. This concept is based on the combat operations process defined by John Boyd, referred to as Observe, Orient, Decide, and Act (OODA). Deception Studio will characterize the attack and tailor defenses based on what is observed.

Keywords:
Software Protection, Intelligent Response, Behavioral Analysis, Dynamic Relocation, Machine Learning, Attacker Characterization, Autonomic Computing

Phase II

Contract Number: ----------
Start Date: ----    Completed: ----
Phase II year
2011
Phase II Amount
$745,519
Deception Studio (DS) is a learning, behavior-based defense system for ensuring service availability and trust. DS's learning capabilities include attack detection, prediction, and attribution, and DS can react to attacks in real time by shaping an adversary's perception and creating an illusion capable of manipulating his planning processes. Responses are deployed in a targeted fashion, allowing DS to respond in proportion to the attack without inflicting hard penalties on valid users. Such responses can be both deceptive and active, extending the protection boundary of the system and forcing attackers to react to ever-changing conditions. DS can further provide availability of critical services by moving them out-of-band during ongoing attacks, dynamically migrating an attacker into a decoy environment, or degrading his access while maintaining availability for legitimate users. Before employing such responses, DS includes technology to heal critical services from infection and can also bring this healing technology to bear on compromised systems, returning them to the pool of usable systems. Deception Studio represents the state of the art in active, behavior-based attack detection and prevention systems, imbuing systems with the ability to remain operational, available, and trustworthy through even the most targeted attacks.

Keywords:
Software Survivability, Dynamic Relocation, VM Relocation, Hypervisor Instrumentation, Machine Learning, Deceptive Response, Active Defense