Towards Autonomous Malware Deception and Orchestration Using Advanced Dynamic Malware Analysis and Data Analytics

Thursday, March 2, 2023

Time:

Cost: Free


Location:

Jabara Hall

1845 Fairmount
Wichita, KS 67260

Event Contact

Sergio Salinas Monroy
Email: sergio.salinasmonroy@wichita.edu

Location: Jabara Hall, Room 260

Speaker
Md Sajidul Islam Sajid, Research Assistant, The University of North Carolina at Charlotte

Abstract
The traditional approach to cyber defense has proven to be insufficient, as attackers have the advantage of identifying targets and launching covert attacks. While the defender must patch all system vulnerabilities, the adversary must find only one exploit to abuse. Active Cyber Deception (ACD) has emerged as an effective means to reverse this asymmetry by dynamically orchestrating the cyber deception environment to mislead attackers and corrupt their decision-making process. However, creating an efficient ACD system requires human expertise and in-depth malware analysis to understand attack behaviors. Automated understanding and deployment of deception systems face several key challenges: advanced dynamic malware analysis is time-intensive and resource-demanding, manual identification of malware behaviors is not scalable, and existing deception methods lack agility, robustness, and automation. My research addresses these shortcomings by developing solutions that include a comprehensive dynamic malware analysis agent that performs optimal symbolic execution without running into path explosion problems; an extracting agent that extracts deception parameters and Malicious Sub-graphs (MSGs) from real-world malware and maps them to MITRE ATT&CK techniques using natural language processing; and an orchestration engine that provides deception as a service and orchestrates a deceptive environment at runtime using API hooking and/or HoneyThings.