AUTOMATION OF THE USE OF FALSE COMPONENTS IN THE INFORMATION SYSTEM

Cite as: S.A. Smirnov, N. Yu. Parotkin, V.V. Zolotarev. Automation of the use of false components in the information system // Izvestiya SFedU. Engineering Sciences – 2024. – N. 6. - P. 209-218. doi: 10.18522/2311-3103-2024-6-209-218

  • S. A. Smirnov Siberian University of Science and Technology
  • N.Y. Parotkin Siberian University of Science and Technology
  • V.V. Zolotarev Siberian University of Science and Technology
Keywords: Cyber deception, deception technology, deceptive systems and components, automation system

Abstract

The article considers the applicability of deceptive information systems and their components to building an automated system for deploying and managing a practical implementation of deceptive-component technology, with the aim of improving the attack prevention system. The main advantages of the technology and its role in an information security strategy are outlined, together with the specifics and the area of practical application of its means and tools. The fundamentals of the architecture and the features of applying the technology are considered, as well as its limitations. The purpose and objective of using this technology are stated in terms of the key principles of its implementation. In addition, regulatory publications and other recommendations constituting best practices in this field are analyzed. The concept and architecture of the final automated solution for integration into information systems and security systems are considered, and the functional content of the final solution is described. A distinctive feature of the proposed solution is the use of controlled containerization mechanisms, which provide ample opportunities for scaling the solution and for isolating system components compromised as a result of an intruder's actions. The process of practical implementation of the automation system is described schematically, per solution subsystem, in relation to its dependent components (such as the suggested document fragments and external tools and systems) and the conditions under which the included operations are processed. A model of deployment and operation of the distributed automation system is also provided, in the following sequence: setting up a deployment server (including provisioning), deploying a network of false decoy components based on containerization, deploying external baits, and integrating with systems and instances of the information security stack that are external to the solution. The solution is implemented on the following principle: fake assets and resources of a fictitious environment are deployed in the information technology infrastructure using controls and are intended to be acted upon by the adversary. The deployed set of subsystem tools was tested using a third-party node with the appropriate tools and scanning scenarios. Recommendations are given for further improvement of the automation system for deploying and managing the tools and measures of deceptive-component technology.

Published: 2025-01-19

Section: SECTION III. COMPUTING AND INFORMATION MANAGEMENT SYSTEMS