Deception story: The attacker overcomes security controls and reaches log files
Associated deception techniques: T1-Fake Database, T4-Log Manipulation
Associated MITRE ATT&CK techniques: T1139
Given the system has some vulnerability
And an attacker gains access to the file system
And the attacker reaches the log files location
And the attacker touches the log file
And the attacker inspects the records
And the attacker finds URL/User of database
When the attacker tries to gain access to the
database using bogus user accounts
Then an alert is sent to management system
| Strategy | Description |
|---|---|
| Goal | 1) Identify attackers trying to gain access to the server, 2) Divert attackers with bogus data pointing to multiple directions |
| Attackers’ biases | Availability heuristic (Overestimate the importance of sensitive data inside the log file) |
| Monitoring channels | Depends on the implementation; Authentication function, Honeypot logs |
| Risks and countermeasures | Attacker identifies data as fake |
- C. De Faveri and A. Moreira, "Designing Adaptive Deception Strategies," 2016 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C), Vienna, 2016, pp. 77-84.