Optimized Deployment of Honeypages Based on Multi-strategy Combinations

Optimized Deployment of Honeypages Based on Multi-strategy Combinations

연구 분야: Software Development

학회: International Conference on Network Simulation and Evaluation

Cyber attackers continually generate new threats, posing significant challenges to network security defenses. Deceptive defense techniques are considered as an effective means of enhancing network security. Existing deceptive defense techniques often deploy honeypots in environments far removed from the actual protected systems, making them susceptible to detection by attackers. To address this issue, a practical deceptive defense method is to deploy some “honeypages”, which are some simulated web pages to mislead the attackers. Attackers can be detected by monitoring who has accessed honeypages. To achieve this goal, a key challenge that needs to be addressed is how to select appropriate honeypage deployment paths to make it more effective to capture attackers. The main contribution of this paper is an optimized design of a honeypage deployment method based on multiple strategy combinations, allowing these honeypages to be deployed along paths where attackers are more likely to access. By our method, honeypages can be deployed on the paths maintaining concealment and obfuscation, as well as rendering attackers unaware of their entry into the honeypages. We applied the defense optimization strategies to real-world business scenarios and deployed honeypages for a period of 21 days. The analysis on the real-world data demonstrated the practical effectiveness of our approach.