DECEPTIVE DECOYS: COMBINING BELIEVABLE USER AND NETWORK ACTIVITIES AND DECEPTIVE NETWORK SETUP IN ENHANCING EFFECTIVENESS

Cybersecurity threats are a malicious act that seeks to damage, steal, or gain unauthorized access to information. In recent years there has been an attempt by cybersecurity specialists to come up with an effective system that proactively protects the systems from cyber-attacks. Cyber deception is one efficient method that makes use of decoys to entrap attacks and divert them from real systems. However, existing cyber decoys lack efficiency in hiding true identity due to impractical user activity and network simulation. In this paper, we propose a hybrid decoy system that combines the use of two-layered decoys in the front-end and back-end with an SSH tunnel in between. The front-end decoys will capture attacks and forward them to backend decoys for execution and feedback. General HOSTS framework was used to generate believable user and network activities that can effectively convince the attackers that they are attacking the real systems. All attacker activities are logged by Logstash and presented using Grafana with the Kibana user interface. The experimental results demonstrate that our system can effectively misdirect and misinform attackers by combining deceptive network setup and configurations as well as generating fake user and network activities.