English

Secure (S)Hell: Introducing an SSH Deception Proxy Framework

Cryptography and Security 2021-04-09 v1 Networking and Internet Architecture

Abstract

Deceiving an attacker in the network security domain is a well established approach, mainly achieved through deployment of honeypots consisting of open network ports with the sole purpose of raising an alert on a connection. With attackers becoming more careful to avoid honeypots, other decoy elements on real host systems continue to create uncertainty for attackers. This uncertainty makes an attack more difficult, as an attacker cannot be sure whether the system does contain deceptive elements or not. Consequently, each action of an attacker could lead to the discovery. In this paper a framework is proposed for placing decoy elements through an SSH proxy, allowing to deploy decoy elements on-the-fly without the need for a modification of the protected host system.

Cite

@article{arxiv.2104.03666,
  title  = {Secure (S)Hell: Introducing an SSH Deception Proxy Framework},
  author = {Daniel Reti and David Klaaßen and Simon Duque Anton and Hans Dieter Schotten},
  journal= {arXiv preprint arXiv:2104.03666},
  year   = {2021}
}
R2 v1 2026-06-24T00:57:30.436Z