Threats against computer networks continue to multiply, but existing security solutions are persistently unable to keep pace with these challenges. In this paper we present a new paradigm for securing computational resources which we call decoy technology. This technique involves seeding a system with data that appears authentic but is in fact spurious. Attacks can then be detected by monitoring this phony information for access events. Decoys are capable of detecting malicious activity, such as insider and masquerade attacks, that are beyond the scope of traditional security measures. They can be used to address confidentiality breaches either proactively or after they have taken place. This work examines the challenges that must be overcome in order to successfully deploy decoys as part of a comprehensive security solution. It discusses situations where decoys are particularly useful as well as characteristics that effective decoy material should share. Furthermore, we describe the tools that we have developed to efficiently craft and distribute decoys in order to form a network of sensors that is capable of detecting adversarial action that occurs anywhere in an organizations system.
展开▼
