Abstract
A system with a high degree of availability and survivability can be created via service duplication on disparate server platforms, where a compromise via a previously unknown attack is detected by a voting mechanism. However, shutting down the compromised component will inform the attacker that the subversion attempt was unsuccessful, and might lead her to explore other avenues of attack. This paper presents a better solution: transforming the compromised component into a honeypot, which removes it from duty while providing the attacker with bogus data. This gives the administrator of the target system extra time to implement adequate security measures while the attacker is busy “exploiting” the honeypot. As long as the majority of components remain uncompromised, the system continues to deliver service to legitimate users.
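The voting-and-honeypot idea in the abstract can be sketched as follows. This is an added illustration, not code from the paper: the class names, replica names, the `DECOY` store and the rule of comparing whole responses are all assumptions made for the example.

```python
from collections import Counter

DECOY = {"/payroll": "decoy-record-0001"}  # constructed bogus data (assumption)

class Replica:
    """One copy of the service, notionally on its own server platform."""
    def __init__(self, name, data):
        self.name, self.data, self.honeypot = name, dict(data), False

    def handle(self, path):
        return self.data.get(path, "404")

class VotingFrontEnd:
    """Hypothetical front end: majority vote over the replicas still in duty."""
    def __init__(self, replicas):
        self.replicas, self.alerts = replicas, []

    def in_duty(self):
        return [r for r in self.replicas if not r.honeypot]

    def serve(self, path):
        answers = [(r, r.handle(path)) for r in self.in_duty()]
        winner, votes = Counter(a for _, a in answers).most_common(1)[0]
        # Service continues only while a majority of ALL components agree.
        if votes * 2 <= len(self.replicas):
            raise RuntimeError("no majority: cannot serve safely")
        for replica, answer in answers:
            if answer != winner:
                self.to_honeypot(replica, path)
        return winner

    def to_honeypot(self, replica, path):
        replica.honeypot = True      # out of the vote, but NOT shut down
        replica.data = dict(DECOY)   # the intruder now sees only bogus data
        self.alerts.append((replica.name, path))  # tell the administrator

def demo():
    good = {"/payroll": "real-record", "/index": "welcome"}
    reps = [Replica(n, good) for n in ("platform-a", "platform-b", "platform-c")]
    reps[2].data["/index"] = "defaced"  # constructed compromise of one replica
    fe = VotingFrontEnd(reps)
    served = fe.serve("/index")         # dissenting replica is outvoted
    return served, fe.alerts, reps[2].handle("/payroll"), len(fe.in_duty())
```

After the switch the dissenting replica keeps answering, so its intruder gets no shutdown signal, while legitimate users are served only from the two replicas that still agree.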
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jaatun, M.G., Nyre, Å.A., Sørensen, J.T. (2007). Survival by Deception. In: Saglietti, F., Oster, N. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2007. Lecture Notes in Computer Science, vol 4680. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75101-4_19
DOI: https://doi.org/10.1007/978-3-540-75101-4_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75100-7
Online ISBN: 978-3-540-75101-4
eBook Packages: Computer Science (R0)