Galois awarded Air Force grant for advanced cyber deception technology
Galois announced on January 19 that it has been awarded a $750,000 grant from the Air Force Research Lab (AFRL) to develop a new, advanced network cyber deception technology: Prattle. Prattle generates realistic traffic to tag adversaries monitoring network activity, mislead them about things they may have learned, and cause them to make mistakes that increase the likelihood of detection. The overall goal: to dramatically reduce the capabilities of an attacker that has gained a foothold on a network.
For the two-year SBIR Phase II grant, Galois and Tufts University will lead the research efforts into high-fidelity network protocol emulation, while Galois’ subsidiary Formaltech, Inc. will serve as a subcontractor on the grant. Formaltech’s CyberChaff™ cyber deception system – which creates decoy devices on networks that appear as valid, active devices to attackers – will be one commercialization strategy and implementation target for the Prattle project. The other core team members are Fidelis Cybersecurity and PacStar, makers of cybersecurity and networking equipment optimized for defense and enterprise deployment. Their expertise will be used in an additional integration opportunity, in which Prattle is combined with classical defensive solutions to provide more effective traps for attackers.
In Phase I of the project, the project team showed how the Prattle prototype generates highly realistic traffic based on observations of local traffic. For example, Prattle was capable of creating user browsing sessions and encrypted protocol sessions that were extremely difficult to distinguish from real traffic, even for expert observers. The first capability can be used in practice to hide real user browsing traffic – including search histories – amongst a tide of false traffic, while the second can be used to direct adversaries towards attacking less-critical servers and honeypots. Phase II will focus on expanding the generation capability across a wider variety of protocols, and using “honey data” – data tailor-made to misdirect the attacker – to cause them to take some action that is to our advantage.
“The Air Force contract continues our focus on innovative network defense and cyber deception research, targeted at real-world applications,” said Adam Wick, research lead at Galois and principal investigator on the project. “The possible collaboration opportunities with Fidelis offer incredible synergies between classical defensive mechanisms and cyber deception, and the potential future integration with CyberChaff can create truly compelling deception campaigns for a fraction of the cost of traditional honeypots.”