Intrusion deception in defense of computer systems
Abstract: We investigate deception in response to cyber-intrusion or trespassing on computer systems. We present a Response Framework that categorizes the types of response we can employ against intruders and show how intrusion deception has its place in this framework. To experiment, we put together tools and technologies such as Snort, VMware, and honeynets in a testbed open to attacks from the Internet. We wrote some Snort rules and ran Snort in inline mode to deceptively manipulate packets of attackers. Our results showed that attackers did react to our deceptions in some interesting ways, suggesting that intrusion deception is a viable response to intrusion.