Experiments with Deceptive Software Responses to Buffer-Overflow Attacks
Julian, Donald P.
Rowe, Neil C.
Michael, J. Bret
Modern intrusion detection systems have become good at identifying many kinds of malicious users on computer systems. But once they identify an attack, their usual response is to terminate the attacker's session. This tells the attacker that they have been discovered, and encourages them to try other, perhaps more vulnerable, sites or to try attack methods that we have no protection against. But access control is not the only possible response to an attack. Systems could use deception to fool the attacker about the results of their actions so that the attacker would waste time on fruitless endeavors. Deceptive software could also provide autonomous protective software responses to identified intrusions as a "second line of defense" when access controls have been subverted or destroyed.
This paper appeared in the Proceedings of the 2003 IEEE Workshop on Information Assurance, West Point, NY, June 2003.