Intrusion deception in defense of computer systems
07Mar_Goh.pdf (526.3Kb)Abstract
We investigate deception in response to cyber-intrusion or trespassing on computer systems. We present a Response Framework that categorizes the types of response we can employ against intruders and show how "intrusion deception" has its place in this framework. To experiment, we put together tools and technologies such as Snort, VMware, and honeynetsin a testbed open to attacks from the Internet. We wrote some Snort rules and ran Snort in inline mode to deceptively manipulate packets of attackers. Our results showed that attackers did react to our deceptions in some interesting ways, suggesting that intrusion deception is a viable response to intrusion.
Collections
Related items
Showing items related by title, author, creator and subject.
-
Delaying-type responses for use by software decoys
(Monterey, California. Naval Postgraduate School, 2002-09);Modern intrusion detection systems have become highly reliable in identifying a malicious user on a computer system. Their limitations, though, are increasing the need for an intelligent response to an intrusion. In contrast, ... -
Experiments with Deceptive Software Responses to Buffer-Overflow Attacks
(Monterey, California. Naval Postgraduate School, 2003-06);Modern intrusion detection systems have become good in identifying many kinds of malicious users on computer systems. But once they identify an attack, their usual response is to terminate the attacker session. This tells ... -
A generic software architecture for deception-based intrusion detection and response systems
(Monterey, California. Naval Postgraduate School, 2003);Today, intrusion detection systems provide for detecting intrusive patterns of interaction. Although the responses of such systems are typically limited to primitive actions, they can be supplemented with deception-based ...
