Deep Down the Rabbit Hole: On References in Networks of Decoy Elements

Deception technology has proven to be a sound approach against threats to information systems. Aside from well-established honeypots, decoy elements, also known as honeytokens, are an excellent method to address various types of threats. Decoy elements cause distraction and uncertainty for an attacker and help detect malicious activity. Deception is meant to complement firewalls and intrusion detection systems. Insider threats in particular may be mitigated with deception methods. While current approaches consider the use of multiple decoy elements as well as context-sensitivity, they do not sufficiently describe the relationships between individual elements. In this work, inter-referencing decoy elements are introduced as a plausible extension to existing deception frameworks, leading attackers along a path of decoy elements. A theoretical foundation is introduced, as well as a stochastic model and a reference implementation. It was found that the proposed system is suitable for enhancing current decoy frameworks by adding a further dimension of inter-connectivity, thereby improving intrusion detection and prevention.
