Abstract

In this paper we describe ACyDS, an adaptive cyber deception system. ACyDS provides a unique virtual network view to each host in an enterprise network. That is, a host's view of its network, including subnet topology and IP address assignments of reachable hosts and servers, does not reflect physical network configurations and is different than the view of any other host in the network. ACyDS generates network views with the desired properties dynamically; it also changes every host's network view on-the-fly. ACyDS's deception approach (i) deters reconnaissance if an intruder has compromised a host in the network, (ii) prevents collusion if multiple hosts have been compromised, and (iii) increases the likelihood and confidence of detecting the presence of intruders.