Defending Cyberspace with Fake Honeypots

Abstract: Abstract-Honeypots are computer systems designed for no purpose other than recording attacks on them. Cyber-attackers avoid them since honeypots jeopardize the secrecy of attack methods and it is hard to launch attacks from them. This suggests that a computer system might pretend to be a honeypot to scare away attackers, reducing the number of attacks and their severity. This could be done on ordinary computer systems as a kind of "vaccination" of those systems, to create what we call "fake honeypots". After s… Show more

“…She can disguise normal systems as honeypots and honeypots as normal systems. Rowe et al [2] showed that this technique effectively enhances computer network security. After the network is created, an attacker then attempts to compromise systems.…”

“…Attackers require additional resources (e.g., time, money) to comprehend the situation and to tailor their attacks to the specifics that the situation demands. Deception has a long history of effective use within the military and is now being deployed for the protection of information systems [1], [2].…”

“…To complicate the job of detecting honeypots, Rowe et al [2] have proposed the use of "fake honeypots", which are normal systems that have been disguised to appear as honeypots. This is a form of deception in which objects are camouflaged or masked to appear as some other object [6].…”

“…Cohen and Koike [1] showed how deception can control the path of an attack. Rowe et al [2] showed how fake honeypots, normal systems disguised as honeypots, decreased the amount of attacks a network witnesses. Several tools for evaluating honeypot deceptions were proposed in [9].…”

A Game Theoretic Investigation of Deception in Network Security

“…She can disguise normal systems as honeypots and honeypots as normal systems. Rowe et al [2] showed that this technique effectively enhances computer network security. After the network is created, an attacker then attempts to compromise systems.…”

“…Attackers require additional resources (e.g., time, money) to comprehend the situation and to tailor their attacks to the specifics that the situation demands. Deception has a long history of effective use within the military and is now being deployed for the protection of information systems [1], [2].…”

“…To complicate the job of detecting honeypots, Rowe et al [2] have proposed the use of "fake honeypots", which are normal systems that have been disguised to appear as honeypots. This is a form of deception in which objects are camouflaged or masked to appear as some other object [6].…”

“…Cohen and Koike [1] showed how deception can control the path of an attack. Rowe et al [2] showed how fake honeypots, normal systems disguised as honeypots, decreased the amount of attacks a network witnesses. Several tools for evaluating honeypot deceptions were proposed in [9].…”

A Game Theoretic Investigation of Deception in Network Security

“…Deception through gameplay has been discussed [31,11,8,37], or implemented by hand [10], but little empirical work has been done to demonstrate the usefulness such an approach provides. Prior work traditionally focuses on improving information gain generated by honeypots [37,8] us- Figure 5: Numbers of components for G dnsw and G null for each day of the long-term experiment.…”

Understanding the prevalence and use of alternative plans in malware with network games

A game theoretic investigation of deception in network security