Deceiving an attacker is a well-established approach in network security, mainly achieved by deploying honeypots: open network ports whose sole purpose is to raise an alert when a connection is made. As attackers become more careful to avoid honeypots, other decoy elements placed on real host systems continue to create uncertainty for them. This uncertainty makes an attack more difficult, because an attacker cannot be sure whether the system contains deceptive elements. Consequently, each action an attacker takes could lead to their discovery. This paper proposes a framework for placing decoy elements through an SSH proxy, which allows decoy elements to be deployed on the fly without modifying the protected host system.
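An added illustration (not code from the paper or its framework) of the idea in the abstract: a proxy-side filter that injects decoy file names into listings, serves decoy content itself, and records an alert when a decoy is touched, while the host stays unmodified. The `DecoyFilter` class, the `run_on_host` callback and the sample paths are assumptions; this page does not state how the paper's framework intercepts SSH traffic.

```python
import posixpath
import shlex

class DecoyFilter:
    """Hypothetical proxy-side filter; the protected host is never modified."""

    def __init__(self, decoys, run_on_host):
        self.decoys = decoys            # absolute path -> decoy content
        self.run_on_host = run_on_host  # callable(command) -> output from real host
        self.alerts = []                # (session_id, command, decoy paths touched)

    def handle(self, session_id, cwd, command):
        try:
            argv = shlex.split(command)
        except ValueError:              # unbalanced quotes: fall back to naive split
            argv = command.split()
        paths = [posixpath.normpath(posixpath.join(cwd, a)) for a in argv[1:]]
        touched = [p for p in paths if p in self.decoys]
        if touched:
            # Legitimate users have no reason to reference a decoy: alert.
            self.alerts.append((session_id, command, touched))
            if argv[0] == "cat":
                # Answer from the proxy; the file does not exist on the host.
                return "".join(self.decoys[p] for p in touched)
        output = self.run_on_host(command)
        if argv and argv[0] == "ls":
            output = self._inject(cwd, argv[1:], output)
        return output

    def _inject(self, cwd, args, output):
        # Only plain `ls [dir]` (one name per line) is rewritten in this sketch.
        if len(args) > 1 or any(a.startswith("-") for a in args):
            return output
        target = posixpath.normpath(posixpath.join(cwd, args[0] if args else "."))
        names = {posixpath.basename(p) for p in self.decoys
                 if posixpath.dirname(p) == target}
        return "".join(n + "\n" for n in sorted(set(output.splitlines()) | names))

# Constructed sample data: one decoy file and a stand-in for the real backend.
DECOYS = {"/home/admin/passwords.txt": "decoy-credential-placeholder\n"}

def fake_host(command):
    return "notes.md\nreport.pdf\n" if command.startswith("ls") else ""

if __name__ == "__main__":
    f = DecoyFilter(DECOYS, fake_host)
    print(f.handle("s1", "/home/admin", "ls"), end="")
    print(f.handle("s1", "/home/admin", "cat passwords.txt"), end="")
    print(f.alerts)
```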