Testing Deception Tactics in Response to Cyberattacks

Author
Frederick, Erwin E.
Rowe, Neil C.
Wong, Albert B. G.
Date
2012-06-11
Abstract
Deception can be a useful tool in defending computer systems against cyberattacks because it is
unexpected and offers a wide variety of tactics. It is particularly useful for sites of critical infrastructure for which
multiple defenses are desirable. We have developed an experimental approach to finding deceptive tactics for system
defense by trying a variety of tactics against live Internet traffic and seeing what responses we get. These experiments
are easiest to do on a honeypot, a computer system designed solely as an attack target. We report on three kinds of
experiments with deceptive honeypots: one with modifying attack packets using Snort Inline, one with scripted
responses to attacks using Honeyd, and one with a fake Web site. We found evidence of responses to our deceptions,
sometimes in the form of increased session lengths and sometimes by disappearance of attackers. Some benefit was
obtained by varying the deceptions over time. These results are encouraging for developing more comprehensive
automated deception strategies for defending computer systems, and provide a new experimentation methodology for
systematically developing deception plans.
Description
This paper appeared in the Proceedings of the National Symposium on Moving Target Research, Annapolis,
Maryland, USA, June 11, 2012.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.