Title :
Thwarting Cyber-Attack Reconnaissance with Inconsistency and Deception
Author :
Rowe, Neil C. ; Goh, Han C.
Author_Institution :
Naval Postgraduate Sch., Monterey
Abstract :
One of the best ways to defend a computer system is to make attackers think it is not worth attacking. Deception or inconsistency during attacker reconnaissance can be an effective way to encourage this. We provide some theory of its advantages and present some data from a honeypot that suggests ways it could be fruitfully employed. We then report on experiments that manipulated packets of attackers of a honeypot using Snort Inline. Results show that attackers definitely responded to deceptive manipulations, although not all the responses helped defenders. We conclude with some preliminary results on analysis of "last packets" of a session which indicate more precisely what clues turn attackers away.
Keywords :
security of data; computer system; honeypot; snort inline; thwarting cyber-attack reconnaissance; Access control; Computer errors; Computerized monitoring; Condition monitoring; Conferences; Costs; Delay effects; Military computing; Reconnaissance; Software tools; computers; cost; deception; networks; packets; reconnaissance
Conference_Title :
Information Assurance and Security Workshop, 2007. IAW '07. IEEE SMC
Conference_Location :
West Point, NY
Print_ISBN :
1-4244-1304-4
Electronic_ISBN :
1-4244-1304-4
DOI :
10.1109/IAW.2007.381927