A review of technologies for deceiving an attacker (traps, decoys, moving target defense, deception platform), their classification and interaction
Abstract
A review of technologies for deceiving an attacker (traps, decoys, moving target defense, deception platform), their classification and interaction
Incoming article date: 17.10.2024The purpose of the article is to review various types how to deceive attackers in the network, analyze the applicability and variability of modern deception technologies. The method of investigation - analyzing existing articles in reviewed Russian and foreign sources, aggregating researches, forming conclusions based on the analyzed sources. The review article considers technologies of deception an attacker (Honeypot traps, Honeytoken decoys, moving target defense MTD, Deception platform). The effectiveness of the use of deception in terms of the impact on the mental state of a person is given in the article. The article provides a description of different types of Honeypots, discusses the classification according to the target, place of introduction, level of interaction, location, type of introduction, homogeneity and type of activity. as well as their component parts. Different strategies for using traps in the network are discussed - sacrificial lamb, hacker zoo, minefield, proximity traps, redirection screens, and deception ports. Classification of decoys is given, methods of their application in an organization's network are described, additional conditions that increase the probability of detection of an attacker by using decoys are specified. The basic techniques of the MTD strategy to obfuscate the infrastructure are given. The interaction of these methods with Honeypot and Honeytoken technologies is described. Research that confirms the effectiveness of using MTD in conjunction with traps and decoys is given it he article, the difficulties in using this strategy are pointed out. A description of the Deception platform is given, its distinctive features from conventional traps and decoys are described, and the possibility of its interaction with MTD is given. As a result, the main technologies and strategies to deceive the attacker have been identified and described, their development is pointed, their interaction with attackers and counteraction to them is described.
Keywords: Deception Platform, Honeypot, Honeytoken, Honeynet, MTD