ISSN : 1796-203X
Volume : 2    Issue : 2    Date : April 2007

Defending Cyberspace with Fake Honeypots
Neil C. Rowe, E. John Custy, and Binh T. Duong
Page(s): 25-36
Full Text:
PDF (352 KB)

Honeypots are computer systems designed for no purpose other than recording attacks on them.
Cyberattackers should avoid them since honeypots jeopardize the secrecy of attack methods and it
is hard to launch attacks from them. This suggests that a computer system might pretend to be a
honeypot to scare away attackers, reducing the number of attacks and their severity. This could be
done on ordinary computer systems as a kind of “vaccination” of those systems, to create what we
call “fake honeypots”. After some background, we examine this idea from three perspectives. We
develop a mathematical model of what would make an attacker go away. We report experiments
with deliberate distortions on text to see at what point people could detect deception, and discover
they can respond to subtle clues. We then report experiments with real attackers against a
honeypot. Results show that attacks on it decreased over time (which may indicate that attackers
are being scared away), irregular outages of the honeypot stimulated attacks, and other changes
occurred in response to our manipulations. We conclude with some speculation about the
escalation of honeypot-antihoneypot techniques.

Index Terms
honeypots, deception, intrusion-detection systems, defense, signatures