Experiments with Deceptive Software Responses to Buffer-Overflow Attacks
Loading...
Authors
Julian, Donald P.
Rowe, Neil C.
Michael, J. Bret
Subjects
deception
information systems
decoys
World Wide Web
portals
servlets
buffer overflows
information systems
decoys
World Wide Web
portals
servlets
buffer overflows
Advisors
Date of Issue
2003-06
Date
June 2003
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
Modern intrusion detection systems have become good in identifying many kinds of malicious users on computer systems. But once
they identify an attack, their usual response is to terminate the attacker session. This tells the attacker that they have been discovered,
and encourages them to try other perhaps more vulnerable sites or try attack methods that we have no protection against. But access
control is not the only response possible to an attack. Systems could use deception to fool the attacker about the results of their actions
so that the attacker would waste time on fruitless endeavors. Deceptive software could also provide autonomous protective software
responses to identified intrusions for a "second line of defense" when access controls have been subverted or destroyed.
Type
Conference Paper
Description
This paper appeared in the Proceedings of the 2003 IEEE Workshop on Information Assurance, West Point,
NY, June 2003.
Series/Report No
Department
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
This work is part of the Homeland Security Leadership Development Program supported by the U.S. Department of Justice Office of Justice Programs and Office for Domestic Preparedness
Funding
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.