Learn More
This paper introduces an intrusion-detection device named honeyfiles. Honeyfiles are bait files intended for hackers to access. The files reside on a file server, and the server sends an alarm when a honey file is accessed. For example, a honeyfile named "passwords.txt" would be enticing to most hackers. The file server's end-users create honeyfiles, and(More)
DECIDUOUS is a security management framework for identifying the sources of network-based intrusions. The rst key concept in DECIDUOUS is dynamic security associations, which e ciently and collectively provide location information for attack sources. DECIDUOUS is built on top of IETF's IPSEC/ISAKMP infrastructure, and it does not introduce any new network(More)
Network-based intrusion has become a serious threat to today’s highly networked information systems, yet the overwhelming majority of current network security mechanisms are “passive” in response to network-based attacks. In particular, tracing and detection of the source of network-based intrusion has been left largely untouched in existing intrusion(More)
An intrusion-detection system (IDS) for an on-going attack is described. Prior to an attack, an IDS operates in anticipation of a general threat. During an attack, the IDS can deal less in the general and more in the particularnamely, particulars about attackers and attacked devices. A profile of the attacker is developed, using information he reveals about(More)
Deception offers one means of hiding things from an adversary. This paper introduces a model for understanding, comparing, and developing methods of deceptive hiding. The model characterizes deceptive hiding in terms of how it defeats the underlying processes that an adversary uses to discover the hidden thing. An adversary’s process of discovery can take(More)
  • Mboupda Moyo Achille, Atsa Etoundi Roger, +18 authors Achille Moyo
  • 2014
Intrusion detection techniques have appeared to inspect all of the inbound and outbound network activities, and to identify suspicious patterns that indicate an attack that might compromise an information system. However, related information can be collected so as to supply evidence in criminal and civil legal proceedings. Several works have been carried(More)
A network device is considered compromised when one of its security mechanisms is defeated by an attacker. For many networks, an attacker can compromise many devices before being discovered. However, investigating devices for compromise is costly and time-consuming, making it dicult to investigate all, or even most, of a network's devices. Further,(More)
Vulnerability to deception is part of human nature, owing to fundamental limitations of the human mind. This vulnerability is exploited by con artists and scammers, but also by the military, intelligence, and law enforcement communities for the purposes of operational security, intelligence collection on adversaries, and undercover operations against(More)
  • 1