A3 Refereed book chapter or chapter in a compilation book

A honeypot proxy framework for deceiving attackers with fabricated content




Authors: Jarko Papalitsas, Sampsa Rauti, Jani Tammi, Ville Leppänen

Editors: Ali Dehghantanha, Mauro Conti, Tooska Dargahi

Publication year: 2018

Book title: Cyber Threat Intelligence Book

Series title: Advances in Information Security

Volume: 70

First page: 239

Last page: 258

Number of pages: 20

ISBN: 978-3-319-73950-2

eISBN: 978-3-319-73951-9

ISSN: 1568-2633

DOI: https://doi.org/10.1007/978-3-319-73951-9_12


Abstract

Deception is a promising method for strengthening software security. It differs from many traditional security approaches as it does not directly prevent the attacker's actions but instead aims to learn about the attacker's behavior. In this paper, we discuss the idea of deceiving attackers with fake services and fabricated content in order to find out more about malware's functionality and to hamper cyber intelligence. The effects of false data on the malware's behavior can be studied while at the same time complicating cyber intelligence by feeding fallacious content to the adversary. We also discuss the properties required from a tool generating fabricated entities. We then introduce a design for a honeypot proxy that generates fallacious content for fake services in order to deceive attackers, and test our implementation's accuracy and performance. We conclude that although challenging in many ways, deceiving adversaries with fake services is a promising and feasible approach in order to protect computer systems and analyze malware.



Last updated on 2024-26-11 at 18:37