Thwarting Cyber-Attack Reconnaissance with Inconsistency and Deception

2007 IEEE SMC Information Assurance and Security Workshop Pub Date : 2007-06-20 DOI:10.1109/IAW.2007.381927

N. Rowe, H. C. Goh

引用次数: 27

Abstract

One of the best ways to defend a computer system is to make attackers think it is not worth attacking. Deception or inconsistency during attacker reconnaissance can be an effective way to encourage this. We provide some theory of its advantages and present some data from a honeypot that suggests ways it could be fruitfully employed. We then report on experiments that manipulated packets of attackers of a honeypot using Snort Inline. Results show that attackers definitely responded to deceptive manipulations, although not all the responses helped defenders. We conclude with some preliminary results on analysis of "last packets" of a session which indicate more precisely what clues turn attackers away.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

用不一致和欺骗挫败网络攻击侦察

保护计算机系统的最好方法之一是让攻击者认为它不值得攻击。在攻击者侦察期间的欺骗或不一致可能是鼓励这一点的有效方法。我们提供了一些理论，它的优势，并提出了一些数据，从蜜罐建议的方式，它可以有效地使用。然后，我们报告了使用Snort Inline操纵蜜罐攻击者数据包的实验。结果表明，攻击者肯定会对欺骗性操作做出反应，尽管并非所有的反应都对防御者有帮助。我们总结了一些初步的结果，分析了一个会话的“最后数据包”，更准确地指出了什么线索使攻击者离开。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2007 IEEE SMC Information Assurance and Security Workshop

自引率

0.00%

发文量

期刊最新文献

MSP-system: Mobile Secure Passport System to detect Malicious Users Enhancing Internet Domain Name System Availability by Building Rings of Cooperation Among Cache Resolvers An Efficient Network Anomaly Detection Scheme Based on TCM-KNN Algorithm and Data Reduction Mechanism A Linux Implementation of Temporal Access Controls Protocol of Secure Mutual Authentication