Related papers: Evaluating Deception and Moving Target Defense wit…
Honeypots play a crucial role in implementing various cyber deception techniques as they possess the capability to divert attackers away from valuable assets. Careful strategic placement of honeypots in networks should consider not only…
One of the widely used cyber deception techniques is decoying, where defenders create fictitious machines (i.e., honeypots) to lure attackers. Honeypots are deployed to entice attackers, but their effectiveness depends on their…
A honeypot, which is a kind of deception strategy, has been widely used for at least 20 years to mitigate cyber threats. Decision-makers have believed that honeypot strategies are intuitive and effective, since honeypots have successfully…
Deception plays a critical role in the financial industry, online markets, national defense, and countless other areas. Understanding and harnessing deception - especially in cyberspace - is both crucial and difficult. Recent work in this…
This paper explores deploying a cyber honeypot system to learn how cyber defenders can use a honeypot system as a deception mechanism to gather intelligence. Defenders can gather intelligence about an attacker such as the autonomous system…
Deception techniques have been widely seen as a game changer in cyber defense. In this paper, we review representative techniques in honeypots, honeytokens, and moving target defense, spanning from the late 1980s to the year 2021.…
Reconnaissance activities precedent other attack steps in the cyber kill chain. Zero-day attacks exploit unknown vulnerabilities and give attackers the upper hand against conventional defenses. Honeypots have been used to deceive attackers…
In the field of network security, the concept of honeypots is well established in research as well as in production. Honeypots are used to imitate a legitimate target on the network and to raise an alert on any interaction. This does not…
Honeypot is an important cyber defense technique that can expose attackers new attacks. However, the effectiveness of honeypots has not been systematically investigated, beyond the rule of thumb that their effectiveness depends on how they…
Honeypots are deception systems that emulate vulnerable services to collect threat intelligence. While deploying many honeypots increases the opportunity to observe attacker behaviour, in practise network and computational resources limit…
Network honeypots are often used by information security teams to measure the threat landscape in order to secure their networks. With the advancement of honeypot development, today's medium-interaction honeypots provide a way for security…
Honeypots are a well-studied defensive measure in network security. This work proposes an effective low-cost honeypot that is easy to deploy and maintain. The honeypot introduced in this work is able to handle commands in a non-standard way…
Deceptive elements, including honeypots and decoys, were incorporated into the Microsoft CyberBattleSim experimentation and research platform. The defensive capabilities of the deceptive elements were tested using reinforcement learning…
Deception is being increasingly explored as a cyberdefense strategy to protect operational systems. We are studying implementation of deception-in-depth strategies with initially three logical layers: network, host, and data. We draw ideas…
Network infrastructure in a production environment is increasingly targeted by attackers every day. Many resources and services now rely on the internet, making network infrastructure one of the most critical parts to protect, as it hosts…
Honeypots are a deceptive technology used to capture malicious activity. The technology is useful for studying attacker behavior, tools, and techniques but can be difficult to implement and maintain. Historically, a lack of measures of…
Cybersecurity threats continue to increase, with a growing number of previously unknown attacks each year targeting both large corporations and smaller entities. This scenario demands the implementation of advanced security measures, not…
Adversarial reconnaissance is a crucial step in sophisticated cyber-attacks as it enables threat actors to find the weakest points of otherwise well-defended systems. To thwart reconnaissance, defenders can employ cyber deception…
Fooling adversaries with traps such as honeytokens can slow down cyber attacks and create strong indicators of compromise. Unfortunately, cyber deception techniques are often poorly specified. Also, realistically measuring their…
This paper is concerned with the synthesis of strategies in network systems with active cyber deception. Active deception in a network employs decoy systems and other defenses to conduct defensive planning against the intrusion of malicious…