Abstract
Cyber-deception is a well-established yet rapidly evolving field within cybersecurity that focuses on deceiving attackers to protect networks and systems. Despite its potential, the field faces several challenges that impede its advancement. Existing deception mechanisms often suffer from fundamental design flaws. Additionally, evaluating the effectiveness of these mechanisms remains a significant challenge. In this paper, we propose to address the limitations and weaknesses of the existing honeypot systems by incorporating bio-inspired deceptive approaches: camouflage, bluffing and playing dead. We evaluate the effectiveness of three such strategies by deploying 10 instances of Cowrie honeypots over a two-week period, capturing a total of 470,302 SSH and 40,867 Telnet login attempts from 8,874 unique IP addresses. Our analysis looks at the impact of bio-inspired features on session duration and the speed with which attackers leave the honeypots. The results reveal that modifications to baseline SSH honeypots encourage longer attacker engagement, whereas for Telnet, attackers tend to exit faster. These findings suggest that bio-inspired modifications can influence attacker behavior and enhance the overall efficacy of cyber-deception strategies.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of 4th Workshop on Active Defense and Deception (AD&D) : Co-located with the 10th IEEE European Symposium on Security and Privacy (Euro S&P) |
| Number of pages | 10 |
| Publisher | IEEE |
| Publication status | Accepted/In press - 2025 |
| Event | 4th Workshop on Active Defense and Deception - Venice, Italy Duration: 4 Jul 2025 → 4 Jul 2025 |
Workshop
| Workshop | 4th Workshop on Active Defense and Deception |
|---|---|
| Country/Territory | Italy |
| City | Venice |
| Period | 04/07/2025 → 04/07/2025 |
Keywords
- Cyber-deception
- Honeypots
- Bio-inspired deception