Nick Nikiforakis
billytsouvalas.github.io
Description: Workshop on Active Defense and Deception (AD&D)
2nd workshop on active defense and deception (ad&d) (1) 3rd workshop on active defense and deception (ad&d) (1)
The AD&D workshop aims at promoting Active Defense as an effective extra security layer, with the goals of moving the research forward and of encouraging its adoption by the industry. In particular, as the ‘assume breach’ mindset becomes the norm, Active Defenses are becoming one of the most promising solutions.
Traditionally, information security distinguishes the roles of the attacker and the defender. The attacker is active: he gathers information, explores the system, finds vulnerabilities, and executes exploits; while the defender is passive: he collects and monitors the system logs and tries to detect malicious behavior via attack signatures. The attacker knows very well who the victim is, while the defender often has limited information about the attackers, their methods, and their real motivations. This imb
Active defense can mitigate these problems by finding ways to proactively engage with the attackers during the early stages of the attack lifecycle. This can be implemented in various ways, such as by mutating/diversifying the system (i.e, Moving Target Defense), adapting to the attacks in real time (Adaptive defense), and by introducing runtime defenses (e.g., RASP). One important aspect of active defense is deception , where the defender can place enticing traps around the system, mimic vulnerabilities, o
Nick Nikiforakis
billytsouvalas.github.io