Do You Really Need to Disguise Normal Servers as Honeypots?

Suhyeon Lee, Kwangsoo Cho, Seungjoo Kim

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    2 Citations (Scopus)

    Abstract

    A honeypot, which is a kind of deception strategy, has been widely used for at least 20 years to mitigate cyber threats. Decision-makers have believed that honeypot strategies are intuitive and effective, since honeypots have successfully protected systems from Denial-of-Service (DoS) attacks to Advanced Persistent Threats (APT) in real-world cases. Nonetheless, there is a lack of research on the appropriate level of honeypot technique application to choose real-world operations. We examine and contrast three attack-defense games with respect to honeypot detection techniques in this paper. In particular, we specifically design and contrast two stages of honeypot technology one by one, starting with a game without deception. We demonstrate that the return for a defender using honeypots is higher than for a defender without them, albeit the defender may not always benefit financially from using more honeypot deception strategies. Particularly, disguising regular servers as honeypots does not provide defenders with a better reward. Furthermore, we take in consideration that fake honeypots can make maintaining normal nodes more costly. Our research offers a theoretical foundation for the real-world operator's decision of honeypot deception tactics and the required number of honeypot nodes.

    Original languageEnglish
    Title of host publicationMILCOM 2022 - 2022 IEEE Military Communications Conference
    PublisherInstitute of Electrical and Electronics Engineers Inc.
    Pages166-172
    Number of pages7
    ISBN (Electronic)9781665485340
    DOIs
    Publication statusPublished - 2022
    Event2022 IEEE Military Communications Conference, MILCOM 2022 - Rockville, United States
    Duration: 2022 Nov 282022 Dec 2

    Publication series

    NameProceedings - IEEE Military Communications Conference MILCOM
    Volume2022-November

    Conference

    Conference2022 IEEE Military Communications Conference, MILCOM 2022
    Country/TerritoryUnited States
    CityRockville
    Period22/11/2822/12/2

    Bibliographical note

    Publisher Copyright:
    © 2022 IEEE.

    Keywords

    • cybersecurity
    • game theory
    • honeypot
    • signaling game

    ASJC Scopus subject areas

    • Electrical and Electronic Engineering

    Fingerprint

    Dive into the research topics of 'Do You Really Need to Disguise Normal Servers as Honeypots?'. Together they form a unique fingerprint.

    Cite this