Application Layer Cyber Deception without Developer Interaction
Mario Kahlhofer, Stefan Rass

TL;DR
This paper reviews 19 methods for deploying application layer cyber deception without developer interaction, highlighting novel techniques beyond traditional honeypots and proxies to enhance dynamic, personalized security measures.
Contribution
It provides a comprehensive review and evaluation of existing methods, identifying promising new techniques for application-layer cyber deception that do not require source code access.
Findings
Some novel deception techniques show promise for practical deployment.
Many existing methods are limited by operational or topological constraints.
Overcoming technical challenges can enable more adaptive and personalized cyber deception.
Abstract
Cyber deception techniques that are tightly intertwined with applications pose significant technical challenges in production systems. Security measures are usually the responsibility of a system operator, but they are typically limited to accessing built software artifacts, not their source code. This limitation makes it particularly challenging to deploy cyber deception techniques at application runtime and without full control over the software development lifecycle. This work reviews 19 technical methods to accomplish this and evaluates them based on technical, topological, operational, and efficacy properties. We find some novel techniques beyond honeypots and reverse proxies that seem to have received little research interest despite their promise for cyber deception. We believe that overcoming these technical challenges can drive the adoption of more dynamic and personalized…
