Deceiving an attacker in the network security domain is a well established
approach, mainly achieved through deployment of honeypots consisting of open
network ports with the sole purpose of raising an alert on a connection. With
attackers becoming more careful to avoid honeypots, other decoy elements on
real host systems continue to create uncertainty for attackers. This
uncertainty makes an attack more difficult, as an attacker cannot be sure
whether the system does contain deceptive elements or not. Consequently, each
action of an attacker could lead to the discovery. In this paper a framework is
proposed for placing decoy elements through an SSH proxy, allowing to deploy
decoy elements on-the-fly without the need for a modification of the protected
host system.

Go to Source of this post
Author Of this post: <a href="http://arxiv.org/find/cs/1/au:+Reti_D/0/1/0/all/0/1">Daniel Reti</a>, <a href="http://arxiv.org/find/cs/1/au:+Klaassen_D/0/1/0/all/0/1">David Klaa&#xdf;en</a>, <a href="http://arxiv.org/find/cs/1/au:+Anton_S/0/1/0/all/0/1">Simon Duque Anton</a>, <a href="http://arxiv.org/find/cs/1/au:+Schotten_H/0/1/0/all/0/1">Hans Dieter Schotten</a>

By admin