Workshop on Active Defense and Deception

The AD&D workshop aims at promoting Active Defense as an effective extra security layer, with the goals of moving the research forward and of encouraging its adoption by the industry. In particular, as the ‘assume breach’ mindset becomes the norm, Active Defenses are becoming one of the most promising solutions.

Traditionally, information security distinguishes the roles of the attacker and the defender. The attacker is active: he gathers information, explores the system, finds vulnerabilities, and executes exploits; while the defender is passive: he collects and monitors the system logs and tries to detect malicious behavior via attack signatures. The attacker knows very well who the victim is, while the defender often has limited information about the attackers, their methods, and their real motivations. This imbalance makes it more difficult to defend computer systems and helps the attackers remain undetected for long periods of time (today it takes on average 40+ days to reveal an attack [*]).

Active defense can mitigate these problems by finding ways to proactively engage with the attackers during the early stages of the attack lifecycle. This can be implemented in various ways, such as by mutating/diversifying the system (i.e., Moving Target Defense), adapting to the attacks in real time (Adaptive defense), and by introducing runtime defenses (e.g., RASP). One important aspect of active defense is deception, where the defender can place enticing traps around the system, mimic vulnerabilities, or obfuscate system elements to deceive, confuse, and mislead possible attackers. Since some of the most destructive attacks (such as supply-chain attacks and phishing campaigns) are composed of multiple stages, active defense has the potential to detect such attacks with rather simple techniques.

Despite the high accuracy promised by these techniques, active defense has not been widely adopted in information security. Possible reasons include the fact that it requires a multidisciplinary approach and a good understanding of the human aspect and the psychology of the attackers, that its effectiveness is hard to quantify, and that it may be difficult to integrate active defense at different layers in the target system.

Thus, this workshop aims to bring together researchers from a variety of fields such as psychology and cognitive science, with experts in different forms of deception for defense, but also in offense techniques (such as social engineering and disinformation). In particular, we aim to address the following questions:

[*] M-Trends 2021 FireEye Mandiant Services Special Report, https://www.mandiant.com/media/11031/download

Call for contributions

AD&D workshop accepts two types of contributions:

The Program Committee will evaluate the submissions based on relevancy, impact, and the potential to spark discussion at the workshop. Interdisciplinary work is appreciated and encouraged.

Areas of Interest

The topics of interest include (but are not limited to):

Note that we exclude the concepts of preemptive attacks, hacking back and counter-attacks. The authors of accepted research papers can choose whether they want their papers to be part of the official proceedings.

Important Dates

Submission Guidelines

Submissions must be in Portable Document Format (.pdf), preferably following the IEEE EuroS&P conference proceedings templates (https://www.ieee-security.org/TC/EuroSP2023/eurosp-2023-template.zip).

Submissions must be provided via https://adnd24.hotcrp.com/ and may be updated at any time until the submission deadline. During the submission process, you will be asked to supply information regarding potential conflicts of interest of the submission’s authors with program committee members. Submissions (except previously accepted papers) should not indicate authors’ names or affiliations (but may reference past work without indicating common authorship).

Workshop Format

One author of each accepted contribution is expected to present the work at the workshop. The format will be traditional conference-style presentations followed by questions and feedback from the audience. Interactive and engaging presentations are welcomed.

Following notification to authors, more information will be provided regarding speaking times and other details. The authors of accepted research papers can choose whether they want their papers to be part of official ADND proceedings. The camera-ready deadline for these papers will be on May 15, 2024.

Organization

General chairs:

Steering Committee

Publicity chair:

Program Committee