Measuring the Effectiveness of Honeypot Counter-Counterdeception
Abstract
Honeypots are computer systems that try to fool cyberattackers into thinking they are ordinary computer systems, when in fact they
are designed solely to collect data about attack methods and thereby enable better defense against attackers. Honeypots are more
effective the more ordinary they appear, but so far designers have just used intuition in designing them. So it is valuable to develop
metrics for measuring the effectiveness of honeypot deception. We report on several software tools we have developed for assessing
the effectiveness of honeypots, particularly a metric-calculating tool that summarizes a file system by a vector of 72 numbers.
Comparison of vectors between fake and real systems can guide design of the fake. We show that this metric tool, applied to a detailed
fake file system we constructed, confirms that it is convincing in most ways.
Description
This paper appeared in the 2006 Hawaii International Conference on Systems Sciences, January 2006, Poipu, HI.
Collections
Related items
Showing items related by title, author, creator and subject.
-
Testing deceptive honeypots
Yahyaoui, Aymen (Monterey, California: Naval Postgraduate School, 2014-09);Deception can be a useful defensive technique against cyber attacks. It has the advantage of unexpectedness to attackers and offers a variety of tactics. Honeypots are a good tool for deception. They act as decoy computers ... -
IDENTIFYING HONEYPOTS SIMULATING INTERNET-CONNECTED INDUSTRIAL-CONTROL SYSTEM DEVICES
Brown, Justin C. (Monterey, CA; Naval Postgraduate School, 2019-09);Heuristic analysis can reveal honeypots (decoy computer systems doing intelligence gathering) among Internet-connected industrial-control sites. Detectability of honeypots is undesirable, as it enables a careful adversary ... -
Creating Effective Industrial-Control-System Honeypots
Rowe, Neil; Nguyen, Thuy; Kendrick, Marian; Rucker, Zaky; Hyun, Dahae; Brown, Justin (HICSS, 2020-01-07);Cyberattacks on industrial control systems (ICSs) can be especially damaging since they often target critical infrastructure. Honeypots are valuable network-defense tools, but they are difficult to implement for ICSs because ...