HADES: The High-Fidelity Adaptive Deception & Emulation System

Organization: Sandia National Laboratories
Year: 2017

The High-Fidelity Adaptive Deception & Emulation System (HADES) takes advantage of several emerging technologies in cloud computing, software-defined networking, virtual machine introspection (VMI), dynamic deception and analytics to radically change the way cyber defenders protect their networks and gain insight into an adversary’s methods. The system aids in the detection of cyber intrusions and then live-migrates the attacker into a realistic deception environment that is a high-fidelity, functioning copy of the breached environment. It then isolates the deception environment from the host system to protect its data and offers the defender an undetectable but omniscient view of the attacker’s movements. Next, it enables instantaneous adjustment to the adversary’s changing attack vectors through modifications to the deception environment and provides a rich set of analytics about the attack for both real-time and post-event analysis, which is useful for developing improved protections against future attacks. HADES is the first single suite of tools that combines a full-spectrum, multidimensional approach to creating deceptions while invisibly extracting information and modifying the environment in real time.