Thwarting Cyber-Attack Reconnaissance with Inconsistency and Deception
Rowe, Neil C.
Goh, Han C.
MetadataShow full item record
One of the best ways to defend a computer system is to make attackers think it is not worth attacking. Deception or inconsistency during attacker reconnaissance can be an effective way to encourage this. We provide some theory of its advantages and present some data from a honeypot that suggests ways it could be fruitfully employed. We then report on experiments that manipulated packets of attackers of a honeypot using Snort Inline. Results show that attackers definitely responded to deceptive manipulations, although not all the responses helped defenders. We conclude with some preliminary results on analysis of “last packets” of a session which indicate more precisely what clues turn attackers away.
This paper appeared in the Proceedings of the 8th IEEE Workshop on Information Assurance, West Point, NY, June 2007.
Showing items related by title, author, creator and subject.
Lim, Sze Li Harry (Monterey, California. Naval Postgraduate School, 2006-12);A honeypot is a non-production system, design to interact with cyber-attackers to collect intelligence on attack techniques and behaviors. While the security community is reaping fruits of this collection tool, the hacker ...
Yahyaoui, Aymen (Monterey, California: Naval Postgraduate School, 2014-09);Deception can be a useful defensive technique against cyber attacks. It has the advantage of unexpectedness to attackers and offers a variety of tactics. Honeypots are a good tool for deception. They act as decoy computers ...
Boonyachan, Supachart (Monterey, California. Naval Postgraduate School, 1974-09);The models presented here are for the allocation of missiles to defended targets with a fixed force of imperfect defense missiles. The attackers will be directed first at the defense sites then at the targets themselves. ...