Testing Deception Tactics in Response to Cyberattacks
Frederick, Erwin E.
Rowe, Neil C.
Wong, Albert B. G.
MetadataShow full item record
Deception can be a useful tool in defending computer systems against cyberattacks because it is unexpected and offers much variety of tactics. It is particularly useful for sites of critical infrastructure for which multiple defenses are desirable. We have developed an experimental approach to finding deceptive tactics for system defense by trying a variety of tactics against live Internet traffic and seeing what responses we get. These experiments are easiest to do on a honeypot, a computer system designed solely as an attack target. We report on three kinds of experiments with deceptive honeypots: one with modifying attack packets using Snort Inline, one with scripted responses to attacks using Honeyd, and one with a fake Web site. We found evidence of responses to our deceptions, sometimes in the form of increased session lengths and sometimes by disappearance of attackers. Some benefit was obtained by varying the deceptions over time. These results are encouraging for developing more comprehensive automated deception strategies for defending computer systems, and provide a new experimentation methodology for systematically developing deception plans.
This paper appeared in the Proceedings of the National Symposium on Moving Target Research, Annapolis, Maryland, USA, June 11, 2012.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Active shooter response: defensive tactics and tactical decision-making for elementary school teachers and staff Whitney, John A., IV (Monterey, California: Naval Postgraduate School, 2017-12);This study analyzes characteristics of Run, Hide, Fight and defensive tactics and tactical-based decision-making tools that can be modified and applied to enhance depth and breadth of preparedness. Specifically, the research ...
Naval Postgraduate School Center for Homeland Defense and Security (CHDS) (Monterey, California. Naval Postgraduate SchoolCenter for Homeland Defense and Security, 2007-02);February 2007. The articles in this issue of Homeland Security Affairs demonstrate the arc of homeland security studies – from how we think about and address terrorism to how we communicate with one another when dealing ...
Yam, Wye Kede Jerel (Monterey, California: Naval Postgraduate School, 2016-03);Capture-the-flag (CTF) exercises are useful pedagogical tools and have been employed, both formally and informally, by academic institutions. Much like their physical counterparts, cyber CTF exercises hold pedagogical value ...