Intrusion deception in defense of computer systems
Goh, Han Chong
Rowe, Neil C.
Warren, Daniel F.
We investigate deception in response to cyber-intrusion or trespassing on computer systems. We present a Response Framework that categorizes the types of response we can employ against intruders and show how "intrusion deception" has its place in this framework. To experiment, we put together tools and technologies such as Snort, VMware, and honeynets in a testbed open to attacks from the Internet. We wrote some Snort rules and ran Snort in inline mode to deceptively manipulate packets of attackers. Our results showed that attackers did react to our deceptions in some interesting ways, suggesting that intrusion deception is a viable response to intrusion.
Showing items related by title, author, creator and subject.
Julian, Donald P. (Monterey, California. Naval Postgraduate School, 2002-09); Modern intrusion detection systems have become highly reliable in identifying a malicious user on a computer system. Their limitations, though, are increasing the need for an intelligent response to an intrusion. In contrast, ...
Custy, John; Rowe, Neil C. (Monterey, California. Naval Postgraduate School, 2008-06); This paper describes how basic concepts from information theory can be used to analyze deception. We show how a general definition of deception can be mapped to a simple communication model known as a Z-channel, and we ...
Julian, Donald P.; Rowe, Neil C.; Michael, J. Bret (Monterey, California. Naval Postgraduate School, 2003-06); Modern intrusion detection systems have become good in identifying many kinds of malicious users on computer systems. But once they identify an attack, their usual response is to terminate the attacker session. This tells ...