Secure (S)Hell: Introducing an SSH Deception Proxy Framework

@article{Reti2021SecureI,
  title={Secure (S)Hell: Introducing an SSH Deception Proxy Framework},
  author={Daniel Reti and David Klaassen and Simon D. Duque Ant{\'o}n and Hans D. Schotten},
  journal={2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)},
  year={2021},
  pages={1-6}
}
  • Daniel Reti, David Klaassen, H. Schotten
  • Published 8 April 2021
  • Computer Science
  • 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
Deceiving an attacker in the network security domain is a well established approach, mainly achieved through deployment of honeypots consisting of open network ports with the sole purpose of raising an alert on a connection. With attackers becoming more careful to avoid honeypots, other decoy elements on real host systems continue to create uncertainty for attackers. This uncertainty makes an attack more difficult, as an attacker cannot be sure whether the system does contain deceptive elements… 
View on IEEE
arxiv.org
1 Citations

Figures from this paper

One Citation

Research on Network Security Situational Awareness Based on Crawler Algorithm
TLDR
By designing a network security event analysis tool based on text processing, the data cleaning of network security time text information is completed, and a set of networkSecurity event processing solutions with high applicability and comprehensiveness are formed.

References

SHOWING 1-10 OF 18 REFERENCES
Toward a general theory of deception
Cyber Kill Chain
A Honeypot Proxy Framework for Deceiving Attackers with Fabricated Content
TLDR
This paper discusses the idea of deceiving attackers with fake services and fabricated content in order to find out more about malware’s functionality and to hamper cyber intelligence.
YAAS - On the Attribution of Honeypot Data
TLDR
A holistic scheme to derive characteristics from honeypot data and to map this data to an attacker model is introduced, which results in most attacks being rather harmless, but a few outliers have been identified.
Demystifying Deception Technology: A Survey
TLDR
An extensive overview of the deception technology environment is presented and taxonomies, theoretical backgrounds, psychological aspects as well as concepts, implementations, legal aspects and ethics are discussed and compared.
Investigation of modern attacks using proxy honeypot
TLDR
Implementation of the honeypot based on the open proxy server allows to log all activity on the investigated proxy and classification of malicious users and the statistics of the attacks' sources are provided.
Evaluation of Deception-Based Web Attacks Detection
TLDR
A preliminary study seems to suggest that deception is a valuable companion of other detection techniques but it may not be suitable as a single standalone protection mechanism.
Parameter manipulation attack prevention and detection by using web application deception proxy
TLDR
This paper proposes web application deception proxy as a defense approach, and it is shown that it is very helpful to prevent and detect web application attacks.
IBM Security , “ Cost of a data breach report 2020 , ” 2020 . [ Online ]
    The cyber kill chain," last visited 03-11-2020
      ...
      ...