Deception Technology: architecture and classification
DOI: https://doi.org/10.20535/2411-1031.2021.9.2.249897
Keywords: Deception Technology, honeypot, T-Pot, protection systems
Abstract
Because hacker attacks are growing and changing rapidly, it is important to study security measures that allow the behavior of an attacker on the network to be analyzed. Known methods of defense have drawbacks and in most cases do not allow the attacker's actions to be analyzed while the attack is unfolding. To solve these problems, new protection technologies known as Deception Technology are emerging; they can reduce the load on the system (the number of security events) and help investigate the actions of an attacker in real time. The article discusses Deception Technology as a technology that not only eliminates the main drawback of standard security tools, namely the large number of generated security events that need to be processed, stored and responded to, but also allows the actions of attackers to be investigated and analyzed. Using this technology accurately and correctly requires studying its development and classifying the available solutions. Therefore, the main task addressed was the classification of Deception Technology. Along with overcoming the shortcomings of standard means of protection, there is the task of proving the effectiveness of the technology. Deception Technology is implemented using the T-Pot solution as an example, whose components are a fairly large number of honeypots that emulate network services. As a result of the work, a classification of Deception Technology and a description of its architecture are proposed. As an example, an implementation of the analyzed protection class is shown in order to prove its effectiveness in real time, and it is determined that, because of the small amount of information collected, it is easy to compare and identify the security area of the system.
When viewing statistics on the use of logins and passwords, the most frequently used ones were identified, namely, the numeric passwords “1234” and “123456”, which in recent years have been the most used by cybercriminals in hacking systems.
License
Copyright (c) 2021 Information Technology and Security
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors who publish in this collection agree to the following terms:
- The authors retain the right to authorship of their work and grant the collection the right of first publication of the work, which is licensed under the Creative Commons Attribution License, allowing others to freely distribute the published work with obligatory reference to the authors of the original work and to the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published in this collection (for example, to place the work in an institution's digital repository or to publish it as part of a monograph), provided that reference is made to the first publication of the work in this collection.
- The policy of the journal allows and encourages authors to post the manuscript of the work on the Internet (for example, in repositories or on personal websites), both prior to submission of the manuscript to the editor and during its editorial processing, as this contributes to productive scientific discussion and has a positive effect on the efficiency and dynamics of citation of the published work (see The Effect of Open Access).