Secure (S)Hell: Introducing an SSH Deception Proxy Framework
Daniel Reti, David Klaaßen, Simon Duque Anton, Hans Dieter Schotten

TL;DR
This paper introduces a framework for deploying decoy elements via an SSH proxy, enhancing deception techniques in network security without modifying host systems, thereby increasing attacker uncertainty and detection capabilities.
Contribution
The paper presents a novel SSH deception proxy framework that allows dynamic deployment of decoys without host modifications, improving deception strategies against attackers.
Findings
Enables on-the-fly deployment of decoys
Increases attacker uncertainty and detection
Does not require host system modifications
Abstract
Deceiving an attacker in the network security domain is a well-established approach, mainly achieved through the deployment of honeypots consisting of open network ports with the sole purpose of raising an alert on a connection. With attackers becoming more careful to avoid honeypots, other decoy elements on real host systems continue to create uncertainty for attackers. This uncertainty makes an attack more difficult, as an attacker cannot be sure whether the system contains deceptive elements or not. Consequently, each action of an attacker could lead to their discovery. In this paper, a framework is proposed for placing decoy elements through an SSH proxy, allowing decoy elements to be deployed on-the-fly without the need to modify the protected host system.
