Thursday, January 12 • 1:30pm - 2:00pm
I Want Your Flows To Be Lies

Real-time and recorded flow data can be an incredible boon to systems administrators, by providing a comprehensive vision of how a network functions, or fails to function. Changes in flow data can also be used to detect anomalous behavior like an intruder, a data exfiltration attempt, or a DDoS attack. All of this is great. So why do I want to fill your flow data with lies?

Flow data provides exactly the same information to an attacker: what servers are important, where the interesting data lies. This data is one reason that sophisticated attackers target routers as one of their first targets: what a great source of information about what is important on the network! Suddenly it is easy to distinguish high-value servers from low-value servers, and real machines from honeypots.

CyberChaff and Prattle are novel network defense solutions that work by creating fake nodes and fake traffic in your networks, to mask the true topology and direct attackers towards alarms. In this talk, I describe how we can use this same infrastructure to mask the real flows on your network, decreasing their value to an adversary and hiding the defensive areas of your network. I'll even show you how to hook your flow data back into Prattle, to ensure that nothing stands out to the attacker.

And then, finally, I'll show you how you can get the information you wanted back without tipping your hand.

Adam Wick

Galois, Inc.
Adam Wick leads the systems software group at Galois, Inc., an R&D company in Portland, OR. Galois does research in formal methods, programming language development, operating systems, compiler engineering, and security. Dr. Wick has worked in a variety of fields at all levels of the software stack, from hardware synthesis to web applications, but has recently focused on network and operating system security. Amongst his current jobs, he is...

Thursday January 12, 2017 1:30pm - 2:00pm
Great Room V-VIII 7450 Hazard Center Dr.

