A honeypot proxy framework for deceiving attackers with fabricated content

Abstract

Deception is a promising method for strengthening software security. It differs from many traditional security approaches as it does not directly prevent the attacker’s actions but instead aims to learn about the attacker’s behavior. In this paper, we discuss the idea of deceiving attackers with fake services and fabricated content in order to find out more about malware’s functionality and to hamper cyber intelligence. The effects of false data on the malware’s behavior can be studied while at the same time complicating cyber intelligence by feeding fallacious content to the adversary. We also discuss the properties required from a tool generating fabricated entities. We then introduce a design for a honeypot proxy that generates fallacious content for fake services in order to deceive attackers, and test our implementation’s accuracy and performance. We conclude that although challenging in many ways, deceiving adversaries with fake services is a promising and feasible approach in order to protect computer systems and analyze malware.