Next: Anomaly detection
Up: Intrusion Detection 101
Previous: Misuse detection
- Deception
- honeypots - lure attackers away from real systems with apparently vulnerable
decoys
- Example systems
- Deception Toolkit, NAI CyberCop Sting, Monkey MasterBaiter, various custom-built
sacrificial servers [Ches92]
- Problems
- unacceptable for most sites - attracts attackers, legal entrapment, politically
incorrect) - so no commercial potential
- but - no false positives!
Dug Song
1999-09-17