RICHLAND, Wash.–Scientists have created a cybersecurity technology called Shadow Figment that is designed to lure hackers into an artificial world, then stop them from doing damage by feeding them illusory tidbits of success.
The aim is to sequester bad actors by captivating them with an attractive–but imaginary–world.
The technology is aimed at protecting physical targets–infrastructure such as buildings, the electric grid, water and sewage systems, and even pipelines. The technology was developed by scientists at the U.S. Department of Energy’s Pacific Northwest National Laboratory.
The starting point for Shadow Figment is an oft-deployed technology called a honeypot–something attractive to lure an attacker, perhaps a desirable target with the appearance of easy access.
But while most honeypots are used to lure attackers and study their methods, Shadow Figment goes much further. The technology uses artificial intelligence to deploy elaborate deception to keep attackers engaged in a pretend world–the figment–that mirrors the real world. The decoy interacts with users in real time, responding in realistic ways to commands.
“Our intention is to make interactions seem realistic, so that if someone is interacting with our decoy, we keep them involved, giving our defenders extra time to respond,” said Thomas Edgar, a PNNL cybersecurity researcher who led the development of Shadow Figment.
Exploiting attackers’ “success”
The system rewards hackers with false signals of success, keeping them occupied while defenders learn about the attackers’ methods and take actions to protect the real system.
The credibility of the deception relies on a machine learning program that learns from observing the real-world system where it is installed. The program responds to an attack by sending signals that illustrate that the system under attack is responding in plausible ways. This “model-driven dynamic deception” is much more realistic than a static decoy, a more common tool that is quickly recognized by experienced cyberattackers.
Shadow Figment spans two worlds that years ago were independent but are now intertwined: the cyber world and the physical world, with elaborate structures that rely on complex industrial control systems. Such systems are more often in the crosshairs of hackers than ever before. Examples include the takedown of large portions of the electric grid in Ukraine in 2015, an attack on a Florida water supply earlier this year, and the recent hacking of the Colonial pipeline that affected gasoline supplies along the East Coast.
Physical systems are so complex and immense that the number of potential targets–valves, controls, pumps, sensors, chillers and so on–is boundless. Thousands of devices work in concert to bring us uninterrupted electricity, clean water and comfortable working conditions. False readings fed into a system maliciously could cause electricity to shut down. They could drive up the temperature in a building to uncomfortable or unsafe levels, or change the concentration of chemicals added to a water supply.
Shadow Figment creates interactive clones of such systems in all their complexity, in ways that experienced operators and cyber criminals would expect. For example, if a hacker turns off a fan in a server room in the artificial world, Shadow Figment responds by signaling that air movement has slowed and the temperature is rising. If a hacker changes a setting to a water boiler, the system adjusts the water flow rate accordingly.
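The difference between a static decoy and the fan-and-temperature behavior described above can be sketched in a few lines. This is an added illustration, not PNNL's code: Shadow Figment learns its model from the real system, whereas this sketch assumes a hand-written first-order thermal model, and every class name, function name and constant in it is constructed.

```python
from dataclasses import dataclass

# Constructed constants for illustration; not taken from any real plant.
AMBIENT_C = 22.0       # room temperature with full airflow
HEAT_LOAD_C = 18.0     # steady-state rise above ambient with no airflow
FAN_TAU_S = 5.0        # time constant of airflow spin-down/spin-up
THERMAL_TAU_S = 120.0  # time constant of room temperature

@dataclass
class StaticDecoy:
    """Accepts the write but keeps reporting canned readings."""
    fan_on: bool = True
    def write_fan(self, on: bool) -> None:
        self.fan_on = on
    def step(self, dt: float) -> None:
        pass  # nothing evolves
    def read(self) -> dict:
        return {"fan_on": self.fan_on, "airflow": 1.0, "temp_c": AMBIENT_C}

@dataclass
class ModelDrivenDecoy:
    """Readings follow a process model, so a write has visible consequences."""
    fan_on: bool = True
    airflow: float = 1.0   # normalized 0..1
    temp_c: float = AMBIENT_C
    def write_fan(self, on: bool) -> None:
        self.fan_on = on
    def step(self, dt: float) -> None:
        # Two first-order lags integrated with forward Euler.
        flow_target = 1.0 if self.fan_on else 0.0
        self.airflow += (flow_target - self.airflow) * dt / FAN_TAU_S
        temp_target = AMBIENT_C + HEAT_LOAD_C * (1.0 - self.airflow)
        self.temp_c += (temp_target - self.temp_c) * dt / THERMAL_TAU_S
    def read(self) -> dict:
        return {"fan_on": self.fan_on, "airflow": round(self.airflow, 3),
                "temp_c": round(self.temp_c, 2)}

def fan_off_session(decoy, seconds: int = 300, sample_every: int = 60) -> list:
    """Switch the fan off, then poll the decoy once per sample interval."""
    decoy.write_fan(False)
    samples = []
    for t in range(1, seconds + 1):
        decoy.step(1.0)
        if t % sample_every == 0:
            samples.append(decoy.read())
    return samples

def responds_to_write(samples: list) -> bool:
    """True if temperature rises sample to sample after the fan-off write."""
    temps = [s["temp_c"] for s in samples]
    return all(b > a for a, b in zip(temps, temps[1:]))
```

Running `fan_off_session` against both classes shows the static decoy reporting full airflow and 22 °C forever after the fan is switched off, which is the inconsistency that gives such decoys away, while the model-driven one drifts toward its no-airflow temperature.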
Shadow Figment: undermining ill intent
The intent is to distract bad actors from the real control systems, to funnel them into an artificial system where their actions have no impact.
“We’re buying time so the defenders can take action to stop bad things from happening,” Edgar said. “Even a few minutes is sometimes all you need to stop an attack. But Shadow Figment needs to be one piece of a broader program of cybersecurity defense. There is no one solution that is a magic bullet.”
PNNL has applied for a patent on the technology, which has been licensed to Attivo Networks. Shadow Figment is one of five cybersecurity technologies created by PNNL and packaged together in a suite called PACiFiC.
“The development of Shadow Figment is yet another example of how PNNL scientists are focused on protecting the nation’s critical assets and infrastructure,” said Kannan Krishnaswami, a commercialization manager at PNNL. “This cybersecurity tool has far-reaching applications in government and private sectors–from city municipalities, to utilities, to banking institutions, manufacturing, and even health providers.”
“The development of Shadow Figment illustrates how PNNL technology makes a difference in so many lives,” said Kannan Krishnaswami, a commercialization manager at PNNL. “The Laboratory’s research provides protection against an array of threats, including cyberattacks.”
The team’s most recent results were published in the spring issue of the Journal of Information Warfare.
Edgar’s colleagues on the project include William Hofer, Juan Brandi-Lozano, Garrett Seppala, Katy Nowak and Draguna Vrabie. The work was funded by PNNL and by DOE’s Office of Technology Transitions.