Intrusion Deception in Defense of Computer Systems

Abstract

We investigate deception in response to cyber-intrusion or trespassing on computer systems. We present a Response Framework that categorizes the types of response we can employ against intruders and show how intrusion deception has its place in this framework. To experiment, we put together tools and technologies such as Snort, VMware, and honeynets in a testbed open to attacks from the Internet. We wrote some Snort rules and ran Snort in inline mode to deceptively manipulate packets of attackers. Our results showed that attackers did react to our deceptions in some interesting ways, suggesting that intrusion deception is a viable response to intrusion.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2007
Accession Number
ADA467120

Entities

People

  • Han C. Goh

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Application Protocols
  • California
  • Computer Crime
  • Computer Science
  • Computers
  • Cybersecurity
  • Deception
  • Detection
  • Internet
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Network Protocols
  • Networks
  • Operating Systems
  • United States Military Academy

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Educational Psychology

Technology Areas

  • Cyber