A3 Book chapter
A honeypot proxy framework for deceiving attackers with fabricated content




List of Authors: Jarko Papalitsas, Sampsa Rauti, Jani Tammi, Ville Leppänen
Publication year: 2018
Book title *: Cyber Threat Intelligence Book
Title of series: Advances in Information Security
Volume number: 70
Number of pages: 20
ISBN: 978-3-319-73950-2
eISBN: 978-3-319-73951-9
ISSN: 1568-2633

Abstract

Deception is a promising method for strengthening software security. It differs from many traditional security approaches as it does not directly prevent the attacker's actions but instead aims to learn about the attacker's behavior. In this paper, we discuss the idea of deceiving attackers with fake services and fabricated content in order to find out more about malware's functionality and to hamper cyber intelligence. The effects of false data on the malware's behavior can be studied while at the same time complicating cyber intelligence by feeding fallacious content to the adversary. We also discuss the properties required from a tool generating fabricated entities. We then introduce a design for a honeypot proxy that generates fallacious content for fake services in order to deceive attackers, and test our implementation's accuracy and performance. We conclude that although challenging in many ways, deceiving adversaries with fake services is a promising and feasible approach in order to protect computer systems and analyze malware.


Last updated on 2019-16-07 at 18:08