Testing Deception Tactics in Response to Cyberattacks
Loading...
Authors
Frederick, Erwin E.
Rowe, Neil C.
Wong, Albert B. G.
Subjects
deception
cyberattacks
honeypots
tactics
Honeyd
Snort Inline
packets
scripts
cyberattacks
honeypots
tactics
Honeyd
Snort Inline
packets
scripts
Advisors
Date of Issue
2012-06-11
Date
June 2012
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
Deception can be a useful tool in defending computer systems against cyberattacks because it is
unexpected and offers much variety of tactics. It is particularly useful for sites of critical infrastructure for which
multiple defenses are desirable. We have developed an experimental approach to finding deceptive tactics for system
defense by trying a variety of tactics against live Internet traffic and seeing what responses we get. These experiments
are easiest to do on a honeypot, a computer system designed solely as an attack target. We report on three kinds of
experiments with deceptive honeypots: one with modifying attack packets using Snort Inline, one with scripted
responses to attacks using Honeyd, and one with a fake Web site. We found evidence of responses to our deceptions,
sometimes in the form of increased session lengths and sometimes by disappearance of attackers. Some benefit was
obtained by varying the deceptions over time. These results are encouraging for developing more comprehensive
automated deception strategies for defending computer systems, and provide a new experimentation methodology for
systematically developing deception plans.
Type
Conference Paper
Description
This paper appeared in the Proceedings of the National Symposium on Moving Target Research, Annapolis,
Maryland, USA, June 11, 2012.
Series/Report No
Department
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
supported in part by the National Science Foundation under grant 0429411 and by the Air Force Research Institute
Funding
Format
Citation
Proceedings of the National Symposium on Moving Target Research, Annapolis,
Maryland, USA, June 11, 2012.
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.