Delaying-Type Responses for Use by Software Decoys

Abstract

Modern intrusion detection systems have become highly reliable in identifying a malicious user on a computer system. Their limitations, though, are increasing the need for an intelligent response to an intrusion. In contrast, intelligent software decoys provide autonomous software-based responses to identified intrusions. In this thesis, we explore conducting military deception, focusing on the use of software-driven simulations to respond to the actions of intruders. In particular, this thesis focuses on a model of a simple deceptive response that is intended to protect a search type program from a buffer-overflow attack. During our study, we found that after identifying an attack attempt, simulating system saturation with processing delays worked well to deceive a prospective attacker. We also experimented with providing confusing reactions to an identified attack attempt, such as simulated network login screens and fake root-shells. The results were successful, simple reactions to intrusions that mimicked intended system interaction, and they proved to be adequate at implementing the deception principles we studied.

Document Details

Document Type: Technical Report
Publication Date: Sep 01, 2002
Accession Number: ADA407043

Entities

People

  • Donald P. Julian

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Ground and Sea Platforms

DTIC Thesaurus Topics

  • Buffer Overflow Attack
  • C Programming Language
  • Computer Communications
  • Computer Networks
  • Computer Programming
  • Computer Science
  • Computers
  • Cyber Warfare
  • Cyberattacks
  • Cybersecurity
  • Denial Of Service Attack
  • Detection
  • Intrusion
  • Intrusion Detection
  • Intrusion Detectors
  • Operating Systems
  • Simulations

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Military History / Militaries and War Studies
  • Sensor Fusion and Tracking Systems