Defending Cyberspace with Fake Honeypots

Honeypots are computer systems designed for no purpose other than recording attacks on them. Cyberattackers should avoid them since honeypots jeopardize the secrecy of attack methods and it is hard to launch attacks from them. This suggests that a computer system might pretend to be a honeypot to scare away attackers, reducing the number of attacks and their severity. This could be done on ordinary computer systems as a kind of “vaccination” of those systems, to create what we call “fake honeypots”. After some background, we examine this idea from three perspectives. We develop a mathematical model of what would make an attacker go away. We report experiments with deliberate distortions on text to see at what point people could detect deception, and discover they can respond to subtle clues. We then report experiments with real attackers against a honeypot. Results show that attacks on it decreased over time (which may indicate that attackers are being scared away), irregular outages of the honeypot stimulated attacks, and other changes occurred in response to our manipulations. We conclude with some speculation about the escalation of honeypot-antihoneypot