Network Monitoring and Deceptive Defenses
January 2016 • Presentation
In this FloCon 2016 presentation, the authors discuss the use of network monitoring to support deceptive defenses.
We discuss the integration of deceptive defenses with network monitoring by focusing on the problem of file exfiltration—copying files from a network. A potential deceptive defense against exfiltration is to artificially inflate the size of critical files (e.g., proprietary information, password files). Such a defense is most effective when combined with situational awareness—an understanding of how large these files have to be to impose a risk on an attacker.