Decoys in Cybersecurity: An Exploratory Study to Test the Effectiveness of 2-sided Deception

by   Palvi Aggarwal, et al.

One of the widely used cyber deception techniques is decoying, where defenders create fictitious machines (i.e., honeypots) to lure attackers. Honeypots are deployed to entice attackers, but their effectiveness depends on their configuration as that would influence whether attackers will judge them as "real" machines or not. In this work, we study two-sided deception, where we manipulate the observed configuration of both honeypots and real machines. The idea is to improve cyberdefense by either making honeypots “look like” real machines or by making real machines “look like honeypots.'"We identify the modifiable features of both real machines and honeypots and conceal these features to different degrees. In an experiment, we study three conditions: default features on both honeypot and real machines, concealed honeypots only, and concealed both honeypots and real machines. We use a network with 40 machines where 20 of them are honeypots. We manipulate the features of the machines, and using an experimental testbed (HackIT), we test the effectiveness of the decoying strategies against humans attackers. Results indicate that: Any of the two forms of deception (conceal honeypots and conceal both honeypots and real machines) is better than no deception at all. We observe that attackers attempted more exploits on honeypots and exfiltrated more data from honeypots in the two forms of deception conditions. However, the attacks on honeypots and data exfiltration were not different within the deception conditions. Results inform cybersecurity defenders on how to manipulate the observable features of honeypots and real machines to create uncertainty for attackers and improve cyberdefense.



There are no comments yet.


page 6


Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning

As machine learning becomes widely used for automated decisions, attacke...

Myths and Misconceptions about Attackers and Attacks

This paper is based on a three year project during which we studied atta...

A Theoretical Model For Artificial Learning, Memory Management And Decision Making System

Human beings are considered as the most intelligent species on Earth. Th...

Maya: Falsifying Power Sidechannels with Dynamic Control

The security of computers is at risk because of information leaking thro...

Active Fuzzing for Testing and Securing Cyber-Physical Systems

Cyber-physical systems (CPSs) in critical infrastructure face a pervasiv...

Towards a First Step to Understand the Cryptocurrency Stealing Attack on Ethereum

We performed the first systematic study of a new attack on Ethereum to s...

Observation-Assisted Heuristic Synthesis of Covert Attackers Against Unknown Supervisors

In this work, we address the problem of synthesis of covert attackers in...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.