Secure (S)Hell: Introducing an SSH Deception Proxy Framework

04/08/2021
by   Daniel Reti, et al.
0

Deceiving an attacker in the network security domain is a well established approach, mainly achieved through deployment of honeypots consisting of open network ports with the sole purpose of raising an alert on a connection. With attackers becoming more careful to avoid honeypots, other decoy elements on real host systems continue to create uncertainty for attackers. This uncertainty makes an attack more difficult, as an attacker cannot be sure whether the system does contain deceptive elements or not. Consequently, each action of an attacker could lead to the discovery. In this paper a framework is proposed for placing decoy elements through an SSH proxy, allowing to deploy decoy elements on-the-fly without the need for a modification of the protected host system.

READ FULL TEXT

page 1

page 2

page 3

page 4

06/19/2019

Catfish Effect Between Internal and External Attackers:Being Semi-honest is Helpful

The consensus protocol named proof of work (PoW) is widely applied by cr...
08/31/2021

Incorporating Deception into CyberBattleSim for Autonomous Defense

Deceptive elements, including honeypots and decoys, were incorporated in...
12/03/2020

Can I Take Your Subdomain? Exploring Related-Domain Attacks in the Modern Web

Related-domain attackers control a sibling domain of their target web ap...
06/08/2021

Analysis of Attacker Behavior in Compromised Hosts During Command and Control

Traditional reactive approach of blacklisting botnets fails to adapt to ...
04/08/2021

Deep Down the Rabbit Hole: On References in Networks of Decoy Elements

Deception technology has proven to be a sound approach against threats t...
07/18/2020

Active Deception using Factored Interactive POMDPs to Recognize Cyber Attacker's Intent

This paper presents an intelligent and adaptive agent that employs decep...
04/08/2021

Escape the Fake: Introducing Simulated Container-Escapes for Honeypots

In the field of network security, the concept of honeypots is well estab...