Workshop on Active Defense and Deception

The AD&D workshop aims at promoting Active Defense as an effective extra security layer, with the goals of moving the research forward and of encouraging its adoption by the industry. In particular, as the ‘assume breach’ mindset becomes the norm, Active Defenses are becoming one of the most promising solutions.

Traditionally, information security distinguishes the roles of the attacker and the defender. The attacker is active: he gathers information, explores the system, finds vulnerabilities, and executes exploits; while the defender is passive: he collects and monitors the system logs and tries to detect malicious behavior via attack signatures. The attacker knows very well who the victim is, while the defender often has limited information about the attackers, their methods, and their real motivations. This imbalance makes it more difficult to defend computer systems and helps the attackers to remain undetected for long periods of time (today it takes on average 40+ days to uncover an attack [*]).

Active defense can mitigate these problems by finding ways to proactively engage with the attackers during the early stages of the attack lifecycle. This can be implemented in various ways, such as by mutating/diversifying the system (i.e, Moving Target Defense), adapting to the attacks in real time (Adaptive defense), and by introducing runtime defenses (e.g., RASP). One important aspect of active defense is deception, where the defender can place enticing traps around the system, mimic vulnerabilities, or obfuscate system elements to deceive, confuse, and mislead possible attackers. Since some of the most destructive attacks (such as supply-chain attacks and phishing campaigns) are composed of multiple stages, active defense has the potential to detect such attacks with straightforward techniques. Despite the high accuracy promised by these techniques, active defense has not been widely adopted in information security. Possible reasons include the fact that it requires a multidisciplinary approach and a good understanding of the human aspect and the psychology of the attackers, that its effectiveness is hard to quantify, and that it may be difficult to integrate active defense at different layers in the target system.

Thus, this workshop aims to bring together researchers from a variety of fields such as psychology and cognitive science, with experts in different forms of deception for defense, but also in offense techniques (such as social engineering and disinformation). In particular, we aim to address the following questions:

[*] M-Trends 2021 FireEye Mandiant Services Special Report, https://www.mandiant.com/media/11031/download

Call for contributions

For its first edition, AD&D workshop accepts three types of contributions:

Organizing committee will evaluate the submissions based on relevancy, impact, and the potential to spark discussion at the workshop. Interdisciplinary work is appreciated and encouraged.

Important Dates

Areas of Interest

The topics of interest include (but are not limited to):

Note that we exclude the concepts of preemptive attacks, hacking back and counter-attacks.

Submission Guidelines

Submissions must be in Portable Document Format (.pdf), preferably following the IEEE EuroS&P conference proceedings templates (https://www.ieee-security.org/TC/EuroSP2022/eurosp-2022-template.zip).

Submissions must be provided via https://adnd22.hotcrp.com/ and may be updated at any time until the submission deadline. During the submission process, you will be asked to supply information regarding potential conflicts of interest of the submission’s authors with program committee members. Submissions (except previously accepted papers) should not indicate authors’ names or affiliations (but may reference past work without indicating common authorship).

Workshop Format

One author of each accepted contribution is expected to present the work at the workshop. The format will be traditional conference-style presentations followed by questions and feedback from the audience. Interactive and engaging presentations are welcomed.

Following notification to authors, more information will be provided regarding speaking times and other details. The authors of accepted research papers can choose whether they want their papers to be part of official ADND proceedings. The camera-ready deadline for these papers will be on April 15, 2022.

Organization

General chairs:

Publicity chair: