The AD&D workshop aims at promoting Active Defense as an effective extra security layer, with the goals of moving the research forward and of encouraging its adoption by the industry. In particular, as the ‘assume breach’ mindset becomes the norm, Active Defenses are becoming one of the most promising solutions.
Traditionally, information security distinguishes the roles of the attacker and the defender. The attacker is active: he gathers information, explores the system, finds vulnerabilities, and executes exploits; while the defender is passive: he collects and monitors the system logs and tries to detect malicious behavior via attack signatures. The attacker knows very well who the victim is, while the defender often has limited information about the attackers, their methods, and their real motivations. This imbalance makes more difficult to defend computer systems and helps the attackers to remain undetected for long periods of time (today it takes on average 40+ days to reveal an attack [*]).
Active defense can mitigate these problems by finding ways to proactively engage with the attackers during the early stages of the attack lifecycle. This can be implemented in various ways, such as by mutating/diversifying the system (i.e, Moving Target Defense), adapting to the attacks in real time (Adaptive defense), and by introducing runtime defenses (e.g., RASP). One important aspect of active defense is deception, where the defender can place enticing traps around the system, mimic vulnerabilities, or obfuscate system elements to deceive, confuse, and mislead possible attackers. Since some of the most destructive attacks (such as supply-chain attacks and phishing campaigns) are composed of multiple stages, active defense has the potential to detect such attacks with rather simple techniques.
Despite the high accuracy promised by these techniques, active defense has not been widely adopted in information security. Possible reasons include the fact that it requires a multidisciplinary approach and a good understanding of the human aspectand the psychology of the attackers, that its effectiveness is hard to quantify, and that it may be difficult to integrate active defense at different layers in the target system.
Thus, this workshop aims to bring together researchers from a variety of fields such as psychology and cognitive science, with experts in different forms of deception for defense, but also in offense techniques (such as social engineering and disinformation). In particular, we aim to address the following questions:
[*] M-Trends 2021 FireEye Mandiant Services Special Report, https://www.mandiant.com/media/11031/download
AD&D workshop accepts three types of contributions:
Research Papers: Traditional research papers with novel contributions, must be no longer than five pages, including all figures. References and appendices will not count towards this limit, but reviewers are not required to read the appendices. Submissions must be anonymized.
Research Proposals: Single page proposals describing research ideas. A proposal should consist of a title, abstract, and brief motivation for and description of the idea. Proposals can describe an ongoing research in various stages, or a novel idea or challenge. The aim is to allow the authors to refine their ideas via the feedback from the workshop audience, to stimulate more research ideas, and to encourage collaborations. Submitted proposals must be no longer than one page in double column format, including all figures. References and appendices will not count towards this limit, but reviewers are not required to read the appendices. Proposals do not need to include proof-of-concept or preliminary results. Submissions must be anonymized.
Presentation of previously accepted papers: Authors of previously accepted papers (that are of interest to the workshop) can resubmit their papers to be able to present them in the workshop. For such contributions, there is no page limitation on the submission, and anonymization is not necessary.
The Program Committee will evaluate the submissions based on relevancy, impact, and the potential to spark discussion at the workshop. Interdisciplinary work is appreciated and encouraged.
The topics of interest include (but are not limited to):
Note that we exclude the concepts of preemptive attacks, hacking back and counter-attacks. The authors of accepted research papers can choose whether they want their papers to be part of the official proceedings.
Submissions must be in Portable Document Format (.pdf), preferably following the IEEE EuroS&P conference proceedings templates (https://www.ieee-security.org/TC/EuroSP2023/eurosp-2023-template.zip).
Submissions must be provided via https://adnd23.hotcrp.com/ and may be updated at any time until the submission deadline. During the submission process, you will be asked to supply information regarding potential conflicts of interest of the submission’s authors with program committee members. Submissions (except previously accepted papers) should not indicate authors’ names or affiliations (but may reference past work without indicating common authorship).
One author of each accepted contribution is expected to present the work at the workshop. The format will be traditional conference-style presentations followed by questions and feedback from the audience. Interactive and engaging presentations are welcomed.
Following notification to authors, more information will be provided regarding speaking times and other details. The authors of accepted research papers can choose whether they want their papers to be part of official ADND proceedings. The camera-ready deadline for these papers will be on May 15, 2023.