Measuring the Effectiveness of Honeypot Counter-Counterdeception
Rowe, Neil C.
MetadataShow full item record
Honeypots are computer systems that try to fool cyberattackers into thinking they are ordinary computer systems, when in fact they are designed solely to collect data about attack methods and thereby enable better defense against attackers. Honeypots are more effective the more ordinary they appear, but so far designers have just used intuition in designing them. So it is valuable to develop metrics for measuring the effectiveness of honeypot deception. We report on several software tools we have developed for assessing the effectiveness of honeypots, particularly a metric-calculating tool that summarizes a file system by a vector of 72 numbers. Comparison of vectors between fake and real systems can guide design of the fake. We show that this metric tool, applied to a detailed fake file system we constructed, confirms that it is convincing in most ways.
This paper appeared in the 2006 Hawaii International Conference on Systems Sciences, January 2006, Poipu, HI.
Showing items related by title, author, creator and subject.
Yahyaoui, Aymen (Monterey, California: Naval Postgraduate School, 2014-09);Deception can be a useful defensive technique against cyber attacks. It has the advantage of unexpectedness to attackers and offers a variety of tactics. Honeypots are a good tool for deception. They act as decoy computers ...
Frederick, Erwin E. (Monterey, California. Naval Postgraduate School, 2011-09);The development of honeypots as decoys designed to detect, investigate, and counterattack unauthorized use of information systems has produced an "arms race" between honeypots (computers designed solely to receive cyber ...
Chong, Wai Hoe; Koh, Chong Khai Roger (Monterey, CA; Naval Postgraduate School, 2018-09);Honeypots can detect new attacks and vulnerabilities like zero-day exploits, based on an attacker’s behavior. Existing honeypots, however, are typically passive in nature and poor at detecting new and complex attacks like ...