Naval Postgraduate School
Intrusion deception in defense of computer systems
07Mar_Goh.pdf (526.3Kb)Abstract
We investigate deception in response to cyber-intrusion or trespassing on computer systems. We present a Response Framework that categorizes the types of response we can employ against intruders and show how "intrusion deception" has its place in this framework. To experiment, we put together tools and technologies such as Snort, VMware, and honeynetsin a testbed open to attacks from the Internet. We wrote some Snort rules and ran Snort in inline mode to deceptively manipulate packets of attackers. Our results showed that attackers did react to our deceptions in some interesting ways, suggesting that intrusion deception is a viable response to intrusion.
Collections
Related items
Showing items related by title, author, creator and subject.
-
Delaying-type responses for use by software decoys
(Monterey, California. Naval Postgraduate School, 2002-09);Modern intrusion detection systems have become highly reliable in identifying a malicious user on a computer system. Their limitations, though, are increasing the need for an intelligent response to an intrusion. In contrast, ... -
Conditional Entropy for Deception Analysis, 13th ICCRTS: C2 for Complex Endeavors
(Monterey, California. Naval Postgraduate School, 2008-06);This paper describes how basic concepts from information theory can be used to analyze deception. We show how a general definition of deception can be mapped to a simple communication model known as a Z-channel, and we ... -
Experiments with Deceptive Software Responses to Buffer-Overflow Attacks
(Monterey, California. Naval Postgraduate School, 2003-06);Modern intrusion detection systems have become good in identifying many kinds of malicious users on computer systems. But once they identify an attack, their usual response is to terminate the attacker session. This tells ...
