Thwarting Cyber-Attack Reconnaissance with Inconsistency and Deception
Authors
Rowe, Neil C.
Goh, Han C.
Subjects
deception
computers
reconnaissance
honeypot
packets
cost
networks
Date of Issue
2007-06
Date
June 2007
Publisher
Monterey, California. Naval Postgraduate School
Abstract
One of the best ways to defend a computer system is to make attackers think it is not worth attacking. Deception or
inconsistency during attacker reconnaissance can be an effective way to encourage this. We provide some theory of its advantages
and present some data from a honeypot that suggests ways it could be fruitfully employed. We then report on experiments that
manipulated packets of attackers of a honeypot using Snort Inline. Results show that attackers definitely responded to deceptive
manipulations, although not all the responses helped defenders. We conclude with some preliminary results on analysis of “last
packets” of a session which indicate more precisely what clues turn attackers away.
Type
Conference Paper
Description
This paper appeared in the Proceedings of the 8th IEEE Workshop on Information Assurance, West Point, NY, June 2007.
Sponsors
Supported in part by the National Science Foundation under the Cyber Trust program.
Citation
Proceedings of the 8th IEEE Workshop on Information Assurance, West Point, NY, June 2007.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.