Deception technology has proven to be a sound approach against threats to
information systems. Aside from well-established honeypots, decoy elements,
also known as honeytokens, are an excellent method to address various types of
threats. Decoy elements are causing distraction and uncertainty to an attacker
and help detecting malicious activity. Deception is meant to be complementing
firewalls and intrusion detection systems. Particularly insider threats may be
mitigated with deception methods. While current approaches consider the use of
multiple decoy elements as well as context-sensitivity, they do not
sufficiently describe a relationship between individual elements. In this work,
inter-referencing decoy elements are introduced as a plausible extension to
existing deception frameworks, leading attackers along a path of decoy
elements. A theoretical foundation is introduced, as well as a stochastic model
and a reference implementation. It was found that the proposed system is
suitable to enhance current decoy frameworks by adding a further dimension of
inter-connectivity and therefore improve intrusion detection and prevention.

Go to Source of this post
Author Of this post: <a href="http://arxiv.org/find/cs/1/au:+Reti_D/0/1/0/all/0/1">Daniel Reti</a>, <a href="http://arxiv.org/find/cs/1/au:+Fraunholz_D/0/1/0/all/0/1">Daniel Fraunholz</a>, <a href="http://arxiv.org/find/cs/1/au:+Zemitis_J/0/1/0/all/0/1">Janis Zemitis</a>, <a href="http://arxiv.org/find/cs/1/au:+Schneider_D/0/1/0/all/0/1">Daniel Schneider</a>, <a href="http://arxiv.org/find/cs/1/au:+Schotten_H/0/1/0/all/0/1">Hans Dieter Schotten</a>

By admin