Delaying-type responses for use by software decoys
Approved for public release, distribution is unlimited. Modern intrusion detection systems have become highly reliable in identifying a malicious user on a computer system. Their limitations, though, are increasing the need for an intelligent response to an intrusion. In contrast, intelligent sof...
Main Author: | Julian, Donald P. |
---|---|
Other Authors: | Rowe, Neil C. |
Published: | Monterey, California. Naval Postgraduate School, 2012 |
Online Access: | http://hdl.handle.net/10945/5043 |
id |
ndltd-nps.edu-oai-calhoun.nps.edu-10945-5043 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-nps.edu-oai-calhoun.nps.edu-10945-50432015-02-06T03:56:11Z Delaying-type responses for use by software decoys Julian, Donald P. Rowe, Neil C. Michael, J. Bret Department of Computer Science Approved for public release, distribution is unlimited Modern intrusion detection systems have become highly reliable in identifying a malicious user on a computer system. Their limitations, though, are increasing the need for an intelligent response to an intrusion. In contrast, intelligent software decoys provide autonomous software-based responses to identified intrusions. In this thesis, we explore conducting military deception, focusing on the use of software-driven simulations to respond to the actions of intruders. In particular, this thesis focuses on a model of a simple deceptive response that is intended to protect a search-type program from a buffer-overflow attack. During our study, we found that after identifying an attack attempt, simulating system saturation with processing delays worked well to deceive a prospective attacker. We also experimented with providing confusing reactions to an identified attack attempt, such as simulated network login screens and fake root-shells. The results were successful, simple reactions to intrusions that mimicked intended system interaction, and they proved to be adequate at implementing the deception principles we studied. 2012-03-14T17:44:00Z 2012-03-14T17:44:00Z 2002-09 Thesis http://hdl.handle.net/10945/5043 This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, it may not be copyrighted. Monterey, California. Naval Postgraduate School |
collection |
NDLTD |
sources |
NDLTD |
description |
Approved for public release, distribution is unlimited. Modern intrusion detection systems have become highly reliable in identifying a malicious user on a computer system. Their limitations, though, are increasing the need for an intelligent response to an intrusion. In contrast, intelligent software decoys provide autonomous software-based responses to identified intrusions. In this thesis, we explore conducting military deception, focusing on the use of software-driven simulations to respond to the actions of intruders. In particular, this thesis focuses on a model of a simple deceptive response that is intended to protect a search-type program from a buffer-overflow attack. During our study, we found that after identifying an attack attempt, simulating system saturation with processing delays worked well to deceive a prospective attacker. We also experimented with providing confusing reactions to an identified attack attempt, such as simulated network login screens and fake root-shells. The results were successful, simple reactions to intrusions that mimicked intended system interaction, and they proved to be adequate at implementing the deception principles we studied. |
author2 |
Rowe, Neil C. |
author_facet |
Rowe, Neil C. Julian, Donald P. |
author |
Julian, Donald P. |
title |
Delaying-type responses for use by software decoys |
publisher |
Monterey, California. Naval Postgraduate School |
publishDate |
2012 |
url |
http://hdl.handle.net/10945/5043 |