Fake Honeypots:  A Defensive Tactic for Cyberspace

Rowe, Neil C.; Duong, Binh T.; Custy, E. John

Download

Rowe_Fake_Honeypots.pdf (197.1Kb)

Download Record

Download to EndNote/RefMan (RIS)

Download to BibTex

Author

Rowe, Neil C.

Duong, Binh T.

Custy, E. John

Date

2006-06

Metadata

Show full item record

Abstract

Cyber-attackers are becoming more aware of honeypots. They generally want to avoid honeypots since it is hard to spread attacks from them, attacks are thoroughly monitored on them, and some honeypots contain planted false information. This suggests that it could be useful for a computer system to pretend it is a honeypot, to scare away smarter attackers. We examine here from a number of perspectives how this could be accomplished as a kind of ?vaccination? of systems to reduce numbers of attacks and their severity. We develop a mathematical model of what would make an attacker go away. We report experiments with deliberate distortions on text to see at what point people could detect deception, and discover they can respond to subtle clues. We also report experiments with real attackers against a honeypot of increasing obviousness. Results show that attacks on it decreased over time which may indicate that attackers are being scared away. We conclude with some speculation about the escalation of honeypot-antihoneypot techniques.

Description

This paper appeared in the Proceedings of the 7th IEEE Workshop on Information Assurance, West Point, NY, June 21-23 2006.

URI

http://hdl.handle.net/10945/36459

Collections

Faculty and Researchers' Publications