DodgeTron: Towards Autonomous Cyber Deception Using Dynamic Hybrid Analysis of Malware

2020 IEEE Conference on Communications and Network Security (CNS) (2020)

Abstract
With the advancement of technology, all our valuable and sensitive information has now moved into digital formats. Adversaries utilize malware as a medium to steal our information for their benefit. Active Cyber Deception (ACD) has emerged prominently to defend a computer system by making the attackers think it is not worth attacking or by presenting falsified data to the attackers, making them believe they achieved their purpose. As malware is the medium between our systems and adversaries, comprehensive malware analysis is required to find ways to present falsified data to mislead the attackers. Nevertheless, developing an active cyber deception with the guidance of comprehensive malware analysis requires human intelligence, effort and insight to characterize the attack behaviors. In this paper, we present DodgeTron, an autonomous cyber deception approach, which performs comprehensive malware behavioral analysis and creates deception schemes automatically by extracting deception parameters that are leveraged by attackers to discover target systems and reach their goal. Thus, our approach protects users by altering these deception parameters to feed false information to the adversaries and corrupt their decision making automatically, without human effort. To make our approach efficient and scalable to deal with the large number of malware samples created per day, we employ machine-learning-based malware classification to reduce the number of malware samples that require an in-depth analysis. We conducted comprehensive evaluations on DodgeTron with recent malware and confirmed its accuracy of 91.18% on average with 1.1x to 2.8x analysis time optimization to achieve deception.
Keywords
Active Cyber Deception,Active Cyber Defense