Testing Deception Tactics in Response to Cyberattacks
| dc.contributor.author | Frederick, Erwin E. | |
| dc.contributor.author | Rowe, Neil C. | |
| dc.contributor.author | Wong, Albert B. G. | |
| dc.contributor.department | Computer Science (CS) | |
| dc.date | June 2012 | |
| dc.date.accessioned | 2013-10-08T18:17:05Z | |
| dc.date.available | 2013-10-08T18:17:05Z | |
| dc.date.issued | 2012-06-11 | |
| dc.description | This paper appeared in the Proceedings of the National Symposium on Moving Target Research, Annapolis, Maryland, USA, June 11, 2012. | en_US |
| dc.description.abstract | Deception can be a useful tool in defending computer systems against cyberattacks because it is unexpected and offers much variety of tactics. It is particularly useful for sites of critical infrastructure for which multiple defenses are desirable. We have developed an experimental approach to finding deceptive tactics for system defense by trying a variety of tactics against live Internet traffic and seeing what responses we get. These experiments are easiest to do on a honeypot, a computer system designed solely as an attack target. We report on three kinds of experiments with deceptive honeypots: one with modifying attack packets using Snort Inline, one with scripted responses to attacks using Honeyd, and one with a fake Web site. We found evidence of responses to our deceptions, sometimes in the form of increased session lengths and sometimes by disappearance of attackers. Some benefit was obtained by varying the deceptions over time. These results are encouraging for developing more comprehensive automated deception strategies for defending computer systems, and provide a new experimentation methodology for systematically developing deception plans. | en_US |
| dc.description.sponsorship | supported in part by the National Science Foundation under grant 0429411 and by the Air Force Research Institute | en_US |
| dc.identifier.citation | Proceedings of the National Symposium on Moving Target Research, Annapolis, Maryland, USA, June 11, 2012. | |
| dc.identifier.uri | https://hdl.handle.net/10945/36826 | |
| dc.publisher | Monterey, California. Naval Postgraduate School | en_US |
| dc.rights | This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States. | en_US |
| dc.subject.author | deception | en_US |
| dc.subject.author | cyberattacks | en_US |
| dc.subject.author | honeypots | en_US |
| dc.subject.author | tactics | en_US |
| dc.subject.author | Honeyd | en_US |
| dc.subject.author | Snort Inline | en_US |
| dc.subject.author | packets | en_US |
| dc.subject.author | scripts | en_US |
| dc.title | Testing Deception Tactics in Response to Cyberattacks | en_US |
| dc.type | Conference Paper | en_US |
| dspace.entity.type | Publication |
