Honeypot Deception Tactics

  • Ehab Al-Shaer
  • Jinpeng Wei
  • Kevin W. Hamlen
  • Cliff Wang
Chapter

Abstract

Honeypots on computer networks are most effective when they use deception to fool cyberadversaries into thinking that they are not actual decoy intelligence collectors. Honeypot deception can be made more effective when applied with variety. We discuss the range of deception tactics of which honeypots can take advantage. Ideas can come from deception theory, and honeypot deceptions can benefit from planning and experimentation.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Ehab Al-Shaer (1)
  • Jinpeng Wei (2)
  • Kevin W. Hamlen (3)
  • Cliff Wang (4)

  1. Department of Software & Information System, University of North Carolina Charlotte, Charlotte, USA
  2. Department of Software and Information System, University of North Carolina, Charlotte, USA
  3. Computer Science Department, University of Texas at Dallas, Richardson, USA
  4. Computing and Information Science Division, Army Research Office, Durham, USA
