{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T04:50:37Z","timestamp":1780635037283,"version":"3.54.1"},"reference-count":126,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2018,7,25]],"date-time":"2018-07-25T00:00:00Z","timestamp":1532476800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2019,7,31]]},"abstract":"<jats:p>A recent trend both in academia and industry is to explore the use of deception techniques to achieve proactive attack detection and defense\u2014to the point of marketing intrusion deception solutions as zero-false-positive intrusion detection. However, there is still a general lack of understanding of deception techniques from a research perspective, and it is not clear how the effectiveness of these solutions can be measured and compared with other security approaches. To shed light on this topic, we introduce a comprehensive classification of existing solutions and survey the current application of deception techniques in computer security. Furthermore, we discuss the limitations of existing solutions, and we analyze several open research directions, including the design of strategies to help defenders to design and integrate deception within a target architecture, the study of automated ways to deploy deception in complex systems, the update and re-deployment of deception, and, most importantly, the design of new techniques and experiments to evaluate the effectiveness of the existing deception techniques.<\/jats:p>","DOI":"10.1145\/3214305","type":"journal-article","created":{"date-parts":[[2018,7,26]],"date-time":"2018-07-26T11:58:04Z","timestamp":1532606284000},"page":"1-36","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":94,"title":["Deception Techniques in Computer Security"],"prefix":"10.1145","volume":"51","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3839-1655","authenticated-orcid":false,"given":"Xiao","family":"Han","sequence":"first","affiliation":[{"name":"Orange Labs, Ch\u00e2tillon, France"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Nizar","family":"Kheir","sequence":"additional","affiliation":[{"name":"Thales, Palaiseau, France"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Davide","family":"Balzarotti","sequence":"additional","affiliation":[{"name":"Eurecom, Biot, France"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2018,7,25]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41284-4_12"},{"key":"e_1_2_1_2_1","volume-title":"Proceedings of the IEEE International Conference for Internet Technology and Secured Transactions (ICITST\u201914)","author":"Alese Boniface Kayode","unstructured":"Boniface Kayode Alese , F. M. Dahunsi , R. A. Akingbola , O. S. Adewale , and T. J. Ogundele . 2014. Improving deception in honeynet: Through data manipulation . In Proceedings of the IEEE International Conference for Internet Technology and Secured Transactions (ICITST\u201914) . Boniface Kayode Alese, F. M. Dahunsi, R. A. Akingbola, O. S. Adewale, and T. J. Ogundele. 2014. Improving deception in honeynet: Through data manipulation. In Proceedings of the IEEE International Conference for Internet Technology and Secured Transactions (ICITST\u201914)."},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of the International Conference on Cyber Warfare and Security.","author":"Almeshekah Mohammed","year":"2014","unstructured":"Mohammed Almeshekah and Eugene Spafford . 2014 a. The case of using negative (deceiving) information in data protection . In Proceedings of the International Conference on Cyber Warfare and Security. Mohammed Almeshekah and Eugene Spafford. 2014a. The case of using negative (deceiving) information in data protection. In Proceedings of the International Conference on Cyber Warfare and Security."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2683467.2683482"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664285"},{"key":"e_1_2_1_7_1","volume-title":"Proceedings of the 14th USENIX Security Symposium.","author":"Anagnostakis Kostas G.","unstructured":"Kostas G. Anagnostakis , Stelios Sidiroglou , Periklis Akritidis , Konstantinos Xinidis , Evangelos P. Markatos , and Angelos D. Keromytis . 2005. Detecting targeted attacks using shadow honeypots . In Proceedings of the 14th USENIX Security Symposium. Kostas G. Anagnostakis, Stelios Sidiroglou, Periklis Akritidis, Konstantinos Xinidis, Evangelos P. Markatos, and Angelos D. Keromytis. 2005. Detecting targeted attacks using shadow honeypots. In Proceedings of the 14th USENIX Security Symposium."},{"key":"e_1_2_1_8_1","volume-title":"Deception as Detection","author":"Anton Chuvakin","year":"2016","unstructured":"Chuvakin Anton . 2016. \u201c Deception as Detection \u201d or Give Deception a Chance? Retrieved from http:\/\/blogs.gartner.com\/anton-chuvakin\/ 2016 \/01\/08\/de ception-as-detection-or-give-deception-a-chance. Chuvakin Anton. 2016. \u201cDeception as Detection\u201d or Give Deception a Chance? Retrieved from http:\/\/blogs.gartner.com\/anton-chuvakin\/2016\/01\/08\/de ception-as-detection-or-give-deception-a-chance."},{"key":"e_1_2_1_9_1","volume-title":"Proceedings of 24th USENIX Security Symposium.","author":"Araujo Frederico","unstructured":"Frederico Araujo and Kevin W. Hamlen . 2015. Compiler-instrumented, dynamic secret-redaction of legacy processes for attacker deception . In Proceedings of 24th USENIX Security Symposium. Frederico Araujo and Kevin W. Hamlen. 2015. Compiler-instrumented, dynamic secret-redaction of legacy processes for attacker deception. In Proceedings of 24th USENIX Security Symposium."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660329"},{"key":"e_1_2_1_11_1","volume-title":"Haider Abbas, and Yu-Lin He.","author":"Raza Ashfaq Rana Aamir","year":"2017","unstructured":"Rana Aamir Raza Ashfaq , Xi-Zhao Wang , Joshua Zhexue Huang , Haider Abbas, and Yu-Lin He. 2017 . Fuzziness based semi-supervised learning approach for intrusion detection system. Information Sciences ( 2017). Rana Aamir Raza Ashfaq, Xi-Zhao Wang, Joshua Zhexue Huang, Haider Abbas, and Yu-Lin He. 2017. Fuzziness based semi-supervised learning approach for intrusion detection system. Information Sciences (2017)."},{"key":"e_1_2_1_12_1","volume-title":"Stolfo","author":"Salem Malek Ben","year":"2011","unstructured":"Malek Ben Salem and Salvatore J . Stolfo . 2011 . Decoy document deployment for effective masquerade attack detection. In Detection of Intrusions and Malware, and Vulnerability Assessment . Malek Ben Salem and Salvatore J. Stolfo. 2011. Decoy document deployment for effective masquerade attack detection. In Detection of Intrusions and Malware, and Vulnerability Assessment."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2011.5984063"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1526709.1526784"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.5555\/1888881.1888904"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECCOM.2007.4550337"},{"key":"e_1_2_1_17_1","volume-title":"Proceedings of the International Conference on Security and Privacy in Communication Systems.","author":"Bowen Brian M.","unstructured":"Brian M. Bowen , Shlomo Hershkop , Angelos D. Keromytis , and Salvatore J. Stolfo . 2009. Baiting inside attackers using decoy documents . In Proceedings of the International Conference on Security and Privacy in Communication Systems. Brian M. Bowen, Shlomo Hershkop, Angelos D. Keromytis, and Salvatore J. Stolfo. 2009. Baiting inside attackers using decoy documents. In Proceedings of the International Conference on Security and Privacy in Communication Systems."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1741866.1741880"},{"key":"e_1_2_1_19_1","volume-title":"Proceedings of the International Workshop on Recent Advances in Intrusion Detection.","author":"Bowen Brian M.","unstructured":"Brian M. Bowen , Pratap Prabhu , Vasileios P. Kemerlis , Stelios Sidiroglou , Angelos D. Keromytis , and Salvatore J. Stolfo . 2010b. Botswindler: Tamper resistant injection of believable decoys in vm-based hosts for crimeware detection . In Proceedings of the International Workshop on Recent Advances in Intrusion Detection. Brian M. Bowen, Pratap Prabhu, Vasileios P. Kemerlis, Stelios Sidiroglou, Angelos D. Keromytis, and Salvatore J. Stolfo. 2010b. Botswindler: Tamper resistant injection of believable decoys in vm-based hosts for crimeware detection. In Proceedings of the International Workshop on Recent Advances in Intrusion Detection."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SCC.2010.89"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1002\/sec.242"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-47413-7_2"},{"key":"e_1_2_1_23_1","volume-title":"Proceedings of the IEEE Computer Society\u2019s TC on Security and Privacy.","author":"\u010cenys A.","unstructured":"A. \u010cenys , D. Rainys , L. Radvilavi\u010dius , and N. Goranin . 2005. Implementation of honeytoken module In DBMS oracle 9ir2 enterprise edition for internal malicious activity detection . In Proceedings of the IEEE Computer Society\u2019s TC on Security and Privacy. A. \u010cenys, D. Rainys, L. Radvilavi\u010dius, and N. Goranin. 2005. Implementation of honeytoken module In DBMS oracle 9ir2 enterprise edition for internal malicious activity detection. In Proceedings of the IEEE Computer Society\u2019s TC on Security and Privacy."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_12"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-25594-1_1"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34266-0_10"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(98)80071-0"},{"key":"e_1_2_1_28_1","unstructured":"Fred Cohen. 2006. The Use of Deception Techniques: Honeypots and Decoys.  Fred Cohen. 2006. The Use of Deception Techniques: Honeypots and Decoys."},{"key":"e_1_2_1_29_1","unstructured":"Fred Cohen. 2010. Moving target defenses with and without cover deception. Retrieved from http:\/\/all.net\/Analyst\/2010-10.pdf.  Fred Cohen. 2010. Moving target defenses with and without cover deception. Retrieved from http:\/\/all.net\/Analyst\/2010-10.pdf."},{"key":"e_1_2_1_30_1","volume-title":"The deception toolkit. Risks Digest 19, 93","author":"Cohen Fred","year":"1998","unstructured":"Fred Cohen and others. 1998. The deception toolkit. Risks Digest 19, 93 ( 1998 ). http:\/\/catless.ncl.ac.uk\/Risks\/19\/93. Fred Cohen and others. 1998. The deception toolkit. Risks Digest 19, 93 (1998). http:\/\/catless.ncl.ac.uk\/Risks\/19\/93."},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(03)00506-6"},{"key":"e_1_2_1_32_1","volume-title":"A framework for deception. National Security Issues in Science, Law, and Technology","author":"Cohen Fred","year":"2001","unstructured":"Fred Cohen , Dave Lambert , Charles Preston , Nina Berry , Corbin Stewart , and Eric Thomas . 2001a. A framework for deception. National Security Issues in Science, Law, and Technology ( 2001 ). Fred Cohen, Dave Lambert, Charles Preston, Nina Berry, Corbin Stewart, and Eric Thomas. 2001a. A framework for deception. National Security Issues in Science, Law, and Technology (2001)."},{"key":"e_1_2_1_33_1","unstructured":"Fred Cohen Irwin Marin Jeanne Sappington Corbin Stewart and Eric Thomas. 2001b. Red Teaming Experiments with Deception Technologies. http:\/\/all.net\/journal\/deception\/RedTeamingExperiments.pdf.  Fred Cohen Irwin Marin Jeanne Sappington Corbin Stewart and Eric Thomas. 2001b. Red Teaming Experiments with Deception Technologies. http:\/\/all.net\/journal\/deception\/RedTeamingExperiments.pdf."},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2535813.2535824"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2808475.2808480"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663729"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/QRS-C.2016.15"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2016.44"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-25594-1_13"},{"key":"e_1_2_1_40_1","volume-title":"Proceedings of the IJCAI.","author":"Durkota Karel","year":"2015","unstructured":"Karel Durkota , Viliam Lis\u1ef3 , Branislav Bosansk\u1ef3 , and Christopher Kiekintveld . 2015 a. Optimal network security hardening using attack graph games . In Proceedings of the IJCAI. Karel Durkota, Viliam Lis\u1ef3, Branislav Bosansk\u1ef3, and Christopher Kiekintveld. 2015a. Optimal network security hardening using attack graph games. In Proceedings of the IJCAI."},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIS.2016.74"},{"key":"e_1_2_1_42_1","volume-title":"2nd International Conference on i-Warfare and Security","volume":"20087","author":"Garfinkel Simson","year":"2007","unstructured":"Simson Garfinkel . 2007 . Anti-forensics: Techniques, detection and countermeasures . In 2nd International Conference on i-Warfare and Security , vol. 20087 . 77--84. Simson Garfinkel. 2007. Anti-forensics: Techniques, detection and countermeasures. In 2nd International Conference on i-Warfare and Security, vol. 20087. 77--84."},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/IAW.2007.381921"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICNSC.2007.372823"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.5555\/2775498.2775545"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3140549.3140555"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSCI.2016.0197"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2015.104"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.03.015"},{"key":"e_1_2_1_51_1","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy (SP\u201917)","author":"Herley Cormac","unstructured":"Cormac Herley and Paul C . van Oorschot. 2017. Sok: Science, security and the elusive goal of security as a scientific pursuit . In Proceedings of the IEEE Symposium on Security and Privacy (SP\u201917) . Cormac Herley and Paul C. van Oorschot. 2017. Sok: Science, security and the elusive goal of security as a scientific pursuit. In Proceedings of the IEEE Symposium on Security and Privacy (SP\u201917)."},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-68711-7_15"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.5555\/1182635.1164254"},{"key":"e_1_2_1_54_1","volume-title":"Moving Target Defense II: Application of Game Theory and Adversarial Modeling","author":"Jajodia Sushil","unstructured":"Sushil Jajodia , Anup K. Ghosh , V. S. Subrahmanian , Vipin Swarup , Cliff Wang , and X. Sean Wang . 2012. Moving Target Defense II: Application of Game Theory and Adversarial Modeling . Springer . Sushil Jajodia, Anup K. Ghosh, V. S. Subrahmanian, Vipin Swarup, Cliff Wang, and X. Sean Wang. 2012. Moving Target Defense II: Application of Game Theory and Adversarial Modeling. Springer."},{"key":"e_1_2_1_55_1","volume-title":"Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats","author":"Jajodia Sushil","unstructured":"Sushil Jajodia , Anup K. Ghosh , Vipin Swarup , Cliff Wang , and X. Sean Wang . 2011. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats . Springer Science 8 Business Media. Sushil Jajodia, Anup K. Ghosh, Vipin Swarup, Cliff Wang, and X. Sean Wang. 2011. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats. Springer Science 8 Business Media."},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.5555\/2994406"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICEEOT.2016.7754797"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-55220-5_17"},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516671"},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2613087.2613088"},{"key":"e_1_2_1_62_1","unstructured":"Parisa Kaghazgaran and Hassan Takabi. 2015. Toward an insider threat detection framework using honey permissions. Journal of Internet Services and Information Security (JISIS\u201915).  Parisa Kaghazgaran and Hassan Takabi. 2015. Toward an insider threat detection framework using honey permissions. Journal of Internet Services and Information Security (JISIS\u201915)."},{"key":"e_1_2_1_63_1","volume-title":"Hulk: Eliciting malicious behavior in browser extensions. In USENIX Security.","author":"Kapravelos Alexandros","year":"2014","unstructured":"Alexandros Kapravelos , Chris Grier , Neha Chachra , Christopher Kruegel , Giovanni Vigna , and Vern Paxson . 2014 . Hulk: Eliciting malicious behavior in browser extensions. In USENIX Security. Alexandros Kapravelos, Chris Grier, Neha Chachra, Christopher Kruegel, Giovanni Vigna, and Vern Paxson. 2014. Hulk: Eliciting malicious behavior in browser extensions. In USENIX Security."},{"key":"e_1_2_1_64_1","volume-title":"USENIX Workshop on Free and Open Communications on the Internet (FOCI).","author":"Karlin Josh","unstructured":"Josh Karlin , Daniel Ellard , Alden W. Jackson , Christine E. Jones , Greg Lauer , David Mankins , and W. Timothy Strayer . 2011. Decoy routing: Toward unblockable internet communication . In USENIX Workshop on Free and Open Communications on the Internet (FOCI). Josh Karlin, Daniel Ellard, Alden W. Jackson, Christine E. Jones, Greg Lauer, David Mankins, and W. Timothy Strayer. 2011. Decoy routing: Toward unblockable internet communication. In USENIX Workshop on Free and Open Communications on the Internet (FOCI)."},{"key":"e_1_2_1_65_1","volume-title":"Proceedings of the 2012 International Conference on Internet Computing (ICOMP\u201912)","author":"Katsinis Constantine","year":"2012","unstructured":"Constantine Katsinis and Brijesh Kumar . 2012 . A security mechanism for web servers based on deception . In Proceedings of the 2012 International Conference on Internet Computing (ICOMP\u201912) . Constantine Katsinis and Brijesh Kumar. 2012. A security mechanism for web servers based on deception. In Proceedings of the 2012 International Conference on Internet Computing (ICOMP\u201912)."},{"key":"e_1_2_1_66_1","volume-title":"International Conference on Internet Computing (ICOMP).","author":"Katsinis Constantine","year":"2013","unstructured":"Constantine Katsinis , Brijesh Kumar , Security Technology , and Rapidsoft Systems . 2013 . A framework for intrusion deception on web servers . In International Conference on Internet Computing (ICOMP). Constantine Katsinis, Brijesh Kumar, Security Technology, and Rapidsoft Systems. 2013. A framework for intrusion deception on web servers. In International Conference on Internet Computing (ICOMP)."},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/191177.191183"},{"key":"e_1_2_1_68_1","volume-title":"Proceedings of the System Administration, Networking, and Security Conference.","author":"Gene","unstructured":"Gene H. Kim and Eugene H. Spafford. 1994b. Experiences with tripwire: Using integrity checkers for intrusion detection . In Proceedings of the System Administration, Networking, and Security Conference. Gene H. Kim and Eugene H. Spafford. 1994b. Experiences with tripwire: Using integrity checkers for intrusion detection. In Proceedings of the System Administration, Networking, and Security Conference."},{"key":"e_1_2_1_69_1","volume-title":"Keromytis","author":"Kontaxis Georgios","year":"2014","unstructured":"Georgios Kontaxis , Michalis Polychronakis , and Angelos D . Keromytis . 2014 . Computational decoys for cloud security. In Secure Cloud Computing . Georgios Kontaxis, Michalis Polychronakis, and Angelos D. Keromytis. 2014. Computational decoys for cloud security. In Secure Cloud Computing."},{"key":"e_1_2_1_70_1","volume-title":"The Value of Honeypots","author":"Lance Spitzner","unstructured":"Spitzner Lance . 2001. The Value of Honeypots , Part One: Definitions and Values of Honeypots. Retrieved from https:\/\/www.symantec.com\/connect\/articles\/value-honeypots-part-one-definitions-and-values-honeypots. Spitzner Lance. 2001. The Value of Honeypots, Part One: Definitions and Values of Honeypots. Retrieved from https:\/\/www.symantec.com\/connect\/articles\/value-honeypots-part-one-definitions-and-values-honeypots."},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.25"},{"key":"e_1_2_1_72_1","volume-title":"Proceedings of the USENIX Workshop on Cyber Security Experimentation and Test (CSET\u201916)","author":"Lazarov Martin","year":"2016","unstructured":"Martin Lazarov , Jeremiah Onaolapo , and Gianluca Stringhini . 2016 . Honey sheets: What happens to leaked google spreadsheets? In Proceedings of the USENIX Workshop on Cyber Security Experimentation and Test (CSET\u201916) . Martin Lazarov, Jeremiah Onaolapo, and Gianluca Stringhini. 2016. Honey sheets: What happens to leaked google spreadsheets? In Proceedings of the USENIX Workshop on Cyber Security Experimentation and Test (CSET\u201916)."},{"key":"e_1_2_1_73_1","volume-title":"Proceedings of the 4th USENIX Workshop on Hot Topics in Security (HotSec\u201909)","author":"Mal\u00e9cot Erwan Le","year":"2009","unstructured":"Erwan Le Mal\u00e9cot . 2009 . MitiBox: Camouflage and deception for network scan mitigation . In Proceedings of the 4th USENIX Workshop on Hot Topics in Security (HotSec\u201909) . Erwan Le Mal\u00e9cot. 2009. MitiBox: Camouflage and deception for network scan mitigation. In Proceedings of the 4th USENIX Workshop on Hot Topics in Security (HotSec\u201909)."},{"key":"e_1_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/2541315"},{"key":"e_1_2_1_75_1","volume-title":"Sticky","author":"Liston Tom","unstructured":"Tom Liston . 2001. LaBrea :\u201c Sticky \u201d honeypot and IDS. Retrieved from http:\/\/labrea.sourceforge.net\/labrea-info.html. Tom Liston. 2001. LaBrea:\u201cSticky\u201d honeypot and IDS. Retrieved from http:\/\/labrea.sourceforge.net\/labrea-info.html."},{"key":"e_1_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/2381966.2381982"},{"key":"e_1_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2007.435"},{"key":"e_1_2_1_78_1","volume-title":"Proceedings of the IEEE Workshop on Information Assurance.","author":"Michael B.","unstructured":"B. Michael , M. Auguston , N. Rowe , and R. Riehle . 2002. Software decoys: Intrusion detection and countermeasures . In Proceedings of the IEEE Workshop on Information Assurance. B. Michael, M. Auguston, N. Rowe, and R. Riehle. 2002. Software decoys: Intrusion detection and countermeasures. In Proceedings of the IEEE Workshop on Information Assurance."},{"key":"e_1_2_1_79_1","volume-title":"Proceedings of the International Conference on Information Warfare and Security.","author":"Murphy Sherry","year":"2010","unstructured":"Sherry Murphy , Todd McDonald , and Robert Mills . 2010 . An application of deception in cyberspace: Operating system obfuscation . In Proceedings of the International Conference on Information Warfare and Security. Sherry Murphy, Todd McDonald, and Robert Mills. 2010. An application of deception in cyberspace: Operating system obfuscation. In Proceedings of the International Conference on Information Warfare and Security."},{"key":"e_1_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134075"},{"key":"e_1_2_1_81_1","volume-title":"A survey on honeypot software and data analysis. arXiv Preprint arXiv:1608.06249","author":"Nawrocki Marcin","year":"2016","unstructured":"Marcin Nawrocki , Matthias W\u00e4hlisch , Thomas C. Schmidt , Christian Keil , and Jochen Sch\u00f6nfelder . 2016. A survey on honeypot software and data analysis. arXiv Preprint arXiv:1608.06249 ( 2016 ). Marcin Nawrocki, Matthias W\u00e4hlisch, Thomas C. Schmidt, Christian Keil, and Jochen Sch\u00f6nfelder. 2016. A survey on honeypot software and data analysis. arXiv Preprint arXiv:1608.06249 (2016)."},{"key":"e_1_2_1_82_1","volume-title":"Proceedings of the 2nd USENIX Conference on Large-Scale Exploits and Emergent Threats (LEET).","author":"Nazario Jose","year":"2009","unstructured":"Jose Nazario . 2009 . PhoneyC: A virtual client honeypot . In Proceedings of the 2nd USENIX Conference on Large-Scale Exploits and Emergent Threats (LEET). Jose Nazario. 2009. PhoneyC: A virtual client honeypot. In Proceedings of the 2nd USENIX Conference on Large-Scale Exploits and Emergent Threats (LEET)."},{"key":"e_1_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/1278940.1278946"},{"key":"e_1_2_1_84_1","volume-title":"Automatically hardening web applications using precise tainting. Security and Privacy in the Age of Ubiquitous Computing","author":"Nguyen-Tuong Anh","year":"2005","unstructured":"Anh Nguyen-Tuong , Salvatore Guarnieri , Doug Greene , Jeff Shirley , and David Evans . 2005. Automatically hardening web applications using precise tainting. Security and Privacy in the Age of Ubiquitous Computing ( 2005 ). Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, and David Evans. 2005. Automatically hardening web applications using precise tainting. Security and Privacy in the Age of Ubiquitous Computing (2005)."},{"key":"e_1_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.5555\/1972441.1972443"},{"key":"e_1_2_1_86_1","unstructured":"Adam Nossiter David E. Sanger and Nicole Perlroth. 2017. Hackers Came But the French Were Prepared. Retrieved from https:\/\/www.nytimes.com\/2017\/05\/09\/world\/europe\/hacke rs-came-but-the-french-were-prepared.html.  Adam Nossiter David E. Sanger and Nicole Perlroth. 2017. Hackers Came But the French Were Prepared. Retrieved from https:\/\/www.nytimes.com\/2017\/05\/09\/world\/europe\/hacke rs-came-but-the-french-were-prepared.html."},{"key":"e_1_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.137"},{"key":"e_1_2_1_88_1","doi-asserted-by":"crossref","unstructured":"Hamed Okhravi M. A. Rabe T. J. Mayberry W. G. Leonard T. R. Hobson D. Bigelow and W. W. Streilein. 2013. Survey of Cyber Moving Target Techniques. Technical Report. Lexington Lincoln Lab MIT Cambridge MA.  Hamed Okhravi M. A. Rabe T. J. Mayberry W. G. Leonard T. R. Hobson D. Bigelow and W. W. Streilein. 2013. Survey of Cyber Moving Target Techniques. Technical Report. Lexington Lincoln Lab MIT Cambridge MA.","DOI":"10.21236\/ADA591804"},{"key":"e_1_2_1_89_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987475"},{"key":"e_1_2_1_90_1","volume-title":"Aspectising honeytokens to contain the insider threat. IET Information Security","author":"Padayachee Keshnee","year":"2014","unstructured":"Keshnee Padayachee . 2014. Aspectising honeytokens to contain the insider threat. IET Information Security ( 2014 ). Keshnee Padayachee. 2014. Aspectising honeytokens to contain the insider threat. IET Information Security (2014)."},{"key":"e_1_2_1_91_1","volume-title":"RES: Protocol Anomaly Detection IDS\u2014Honeypots.","author":"de Barros Augusto Paes","year":"2003","unstructured":"Augusto Paes de Barros . 2003 . RES: Protocol Anomaly Detection IDS\u2014Honeypots. Retrieved from http:\/\/seclists.org\/focus-ids\/2003\/Feb\/95. Augusto Paes de Barros. 2003. RES: Protocol Anomaly Detection IDS\u2014Honeypots. Retrieved from http:\/\/seclists.org\/focus-ids\/2003\/Feb\/95."},{"key":"e_1_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.1145\/2414456.2414511"},{"key":"e_1_2_1_93_1","volume-title":"Proceedings of the International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO\u201915)","author":"Robert Petruni\u0107 A. B.","year":"2015","unstructured":"A. B. Robert Petruni\u0107 . 2015 . Honeytokens as active defense . In Proceedings of the International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO\u201915) . A. B. Robert Petruni\u0107. 2015. Honeytokens as active defense. In Proceedings of the International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO\u201915)."},{"key":"e_1_2_1_94_1","volume-title":"Game theoretic model of strategic honeypot selection in computer networks. Decision and Game Theory for Security","author":"P\u00edbil Radek","year":"2012","unstructured":"Radek P\u00edbil , Viliam Lis\u1ef3 , Christopher Kiekintveld , Branislav Bo\u0161ansk\u1ef3 , and Michal P\u011bchou\u010dek . 2012. Game theoretic model of strategic honeypot selection in computer networks. Decision and Game Theory for Security ( 2012 ). Radek P\u00edbil, Viliam Lis\u1ef3, Christopher Kiekintveld, Branislav Bo\u0161ansk\u1ef3, and Michal P\u011bchou\u010dek. 2012. Game theoretic model of strategic honeypot selection in computer networks. Decision and Game Theory for Security (2012)."},{"key":"e_1_2_1_95_1","volume-title":"Emerging technology analysis: Deception techniques and technologies create security technology business opportunities. Gartner","author":"Pingree Lawrence","unstructured":"Lawrence Pingree . 2015. Emerging technology analysis: Deception techniques and technologies create security technology business opportunities. Gartner , Inc . https:\/\/www.gartner.com\/doc\/3096017\/emerging-technology-analysis-deception-techniques. Lawrence Pingree. 2015. Emerging technology analysis: Deception techniques and technologies create security technology business opportunities. Gartner, Inc. https:\/\/www.gartner.com\/doc\/3096017\/emerging-technology-analysis-deception-techniques."},{"key":"e_1_2_1_96_1","volume-title":"Proceedings of the USENIX Security Symposium.","author":"Niels","unstructured":"Niels Provos and others. 2004. A virtual honeypot framework . In Proceedings of the USENIX Security Symposium. Niels Provos and others. 2004. A virtual honeypot framework. In Proceedings of the USENIX Security Symposium."},{"key":"e_1_2_1_97_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2013.6682694"},{"key":"e_1_2_1_98_1","volume-title":"Proceedings of the 2nd International Conference on Information Warfare 8 Security.","author":"Rowe Neil","year":"2007","unstructured":"Neil Rowe . 2007 . Planning cost-effective deceptive resource denial in defense to cyber-attacks . In Proceedings of the 2nd International Conference on Information Warfare 8 Security. Neil Rowe. 2007. Planning cost-effective deceptive resource denial in defense to cyber-attacks. In Proceedings of the 2nd International Conference on Information Warfare 8 Security."},{"key":"e_1_2_1_99_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2004.16"},{"key":"e_1_2_1_100_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2006.269"},{"key":"e_1_2_1_101_1","volume-title":"Deception in defense of computer systems from cyber attack. Cyber Warfare and Cyber Terrorism","author":"Rowe Neil C.","year":"2008","unstructured":"Neil C. Rowe . 2008. Deception in defense of computer systems from cyber attack. Cyber Warfare and Cyber Terrorism ( 2008 ). Neil C. Rowe. 2008. Deception in defense of computer systems from cyber attack. Cyber Warfare and Cyber Terrorism (2008)."},{"key":"e_1_2_1_102_1","volume-title":"Proceedings of the IEEE Information Assurance Workshop.","author":"Rowe Neil C.","unstructured":"Neil C. Rowe , Binh T. Duong , and E. Custy . 2006. Fake honeypots: A defensive tactic for cyberspace . In Proceedings of the IEEE Information Assurance Workshop. Neil C. Rowe, Binh T. Duong, and E. Custy. 2006. Fake honeypots: A defensive tactic for cyberspace. In Proceedings of the IEEE Information Assurance Workshop."},{"key":"e_1_2_1_103_1","first-page":"27","article-title":"Two taxonomies of deception for attacks on information systems","volume":"3","author":"Rowe Neil C.","year":"2004","unstructured":"Neil C. Rowe and Hy S. Rothstein . 2004 . Two taxonomies of deception for attacks on information systems . Journal of Information Warfare 3 , 2 (2004), 27 -- 39 . Neil C. Rowe and Hy S. Rothstein. 2004. Two taxonomies of deception for attacks on information systems. Journal of Information Warfare 3, 2 (2004), 27--39.","journal-title":"Journal of Information Warfare"},{"key":"e_1_2_1_104_1","volume-title":"Rowe and Julian Rrushi","author":"Neil","year":"2016","unstructured":"Neil C. Rowe and Julian Rrushi . 2016 . Introduction to Cyberdeception. Springer . Neil C. Rowe and Julian Rrushi. 2016. Introduction to Cyberdeception. Springer."},{"key":"e_1_2_1_105_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2011.06.002"},{"key":"e_1_2_1_106_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.05.002"},{"key":"e_1_2_1_107_1","first-page":"94","article-title":"Guide to intrusion detection and prevention systems (idps)","volume":"800","author":"Scarfone Karen","year":"2007","unstructured":"Karen Scarfone and Peter Mell . 2007 . Guide to intrusion detection and prevention systems (idps) . NIST Special Publication 800 , 2007 (2007), 94 . Karen Scarfone and Peter Mell. 2007. Guide to intrusion detection and prevention systems (idps). NIST Special Publication 800, 2007 (2007), 94.","journal-title":"NIST Special Publication"},{"key":"e_1_2_1_108_1","doi-asserted-by":"publisher","DOI":"10.1145\/2854152"},{"key":"e_1_2_1_109_1","volume-title":"An Improved Tarpit for Network Deception. Master\u2019s thesis. Naval Postgraduate School","author":"Shing Leslie","unstructured":"Leslie Shing . 2016. An Improved Tarpit for Network Deception. Master\u2019s thesis. Naval Postgraduate School . Monterey, CA . Leslie Shing. 2016. An Improved Tarpit for Network Deception. Master\u2019s thesis. Naval Postgraduate School. Monterey, CA."},{"key":"e_1_2_1_110_1","volume-title":"Proceedings of the Usenix Security Symposium.","author":"Smart Matthew","year":"2000","unstructured":"Matthew Smart , G. Robert Malan , and Farnam Jahanian . 2000 . Defeating TCP\/IP stack fingerprinting . In Proceedings of the Usenix Security Symposium. Matthew Smart, G. Robert Malan, and Farnam Jahanian. 2000. Defeating TCP\/IP stack fingerprinting. In Proceedings of the Usenix Security Symposium."},{"key":"e_1_2_1_111_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1193207"},{"key":"e_1_2_1_112_1","doi-asserted-by":"publisher","DOI":"10.5555\/956415.956438"},{"key":"e_1_2_1_113_1","volume-title":"Honeytokens: The other honeypot.","author":"Spitzner Lance","year":"2003","unstructured":"Lance Spitzner . 2003 c. Honeytokens: The other honeypot. Retrieved from http:\/\/www.securityfocus.com\/infocus\/1713. Lance Spitzner. 2003c. Honeytokens: The other honeypot. Retrieved from http:\/\/www.securityfocus.com\/infocus\/1713."},{"key":"e_1_2_1_114_1","doi-asserted-by":"crossref","unstructured":"Cliff Stoll. 1989. The Cuckoo\u2019s Egg: Tracking a Spy through the Maze of Computer Espionage.   Cliff Stoll. 1989. The Cuckoo\u2019s Egg: Tracking a Spy through the Maze of Computer Espionage.","DOI":"10.1063\/1.2810663"},{"key":"e_1_2_1_115_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920263"},{"key":"e_1_2_1_116_1","unstructured":"Symantec. 2016. Internet Security Threat Report. Retrieved from https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/reports\/istr-21-2016-en.pdf.  Symantec. 2016. Internet Security Threat Report. Retrieved from https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/reports\/istr-21-2016-en.pdf."},{"key":"e_1_2_1_117_1","unstructured":"Samuel T. Trassare. 2013. A technique for presenting a deceptive dynamic network topology. Master\u2019s Thesis. Naval Post Graduate School Monterey CA.  Samuel T. Trassare. 2013. A technique for presenting a deceptive dynamic network topology. Master\u2019s Thesis. Naval Post Graduate School Monterey CA."},{"key":"e_1_2_1_118_1","unstructured":"Trend Micro. 2015. Understanding Targeted Attacks: The Impact of Targeted Attacks. Retrieved from https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cyber-attacks\/the-impact-of-targeted-attack. (2015).  Trend Micro. 2015. Understanding Targeted Attacks: The Impact of Targeted Attacks. Retrieved from https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cyber-attacks\/the-impact-of-targeted-attack. (2015)."},{"key":"e_1_2_1_119_1","volume-title":"Proceedings of the IEEE Symposium on Technologies for Homeland Security (HST\u201916)","author":"Urias Vincent E.","unstructured":"Vincent E. Urias , William M. S. Stout , and Han W. Lin . 2016. Gathering threat intelligence through computer network deception . In Proceedings of the IEEE Symposium on Technologies for Homeland Security (HST\u201916) . Vincent E. Urias, William M. S. Stout, and Han W. Lin. 2016. Gathering threat intelligence through computer network deception. In Proceedings of the IEEE Symposium on Technologies for Homeland Security (HST\u201916)."},{"key":"e_1_2_1_120_1","doi-asserted-by":"publisher","DOI":"10.1109\/CYCON.2014.6916397"},{"key":"e_1_2_1_121_1","doi-asserted-by":"publisher","DOI":"10.1145\/2751323.2751326"},{"key":"e_1_2_1_122_1","volume-title":"Proceedings of the Cyber Infrastructure Protection Conference, Strategic Studies Institute.","author":"Voris Jonathan","unstructured":"Jonathan Voris , Jill Jermyn , Angelos D. Keromytis , and Salvatore J. Stolfo . 2013. Bait and snitch: Defending computer systems with decoys . In Proceedings of the Cyber Infrastructure Protection Conference, Strategic Studies Institute. Jonathan Voris, Jill Jermyn, Angelos D. Keromytis, and Salvatore J. Stolfo. 2013. Bait and snitch: Defending computer systems with decoys. In Proceedings of the Cyber Infrastructure Protection Conference, Strategic Studies Institute."},{"key":"e_1_2_1_123_1","volume-title":"Detecting targeted attacks by multilayer deception. J. Cyber Secur. Mobility","author":"Wang Wei","year":"2013","unstructured":"Wei Wang , Jeffrey Bickford , Ilona Murynets , Ramesh Subbaraman , Andrea G. Forte , and Gokul Singaraju . 2013. Detecting targeted attacks by multilayer deception. J. Cyber Secur. Mobility ( 2013 ). Wei Wang, Jeffrey Bickford, Ilona Murynets, Ramesh Subbaraman, Andrea G. Forte, and Gokul Singaraju. 2013. Detecting targeted attacks by multilayer deception. J. Cyber Secur. Mobility (2013)."},{"key":"e_1_2_1_124_1","volume-title":"Social honeypots: Making friends with a spammer near you","author":"Webb Steve","unstructured":"Steve Webb , James Caverlee , and Calton Pu. 2008. Social honeypots: Making friends with a spammer near you . In Council of European Aerospace Societies (CEAS\u2019 08). Steve Webb, James Caverlee, and Calton Pu. 2008. Social honeypots: Making friends with a spammer near you. In Council of European Aerospace Societies (CEAS\u201908)."},{"key":"e_1_2_1_125_1","volume-title":"Innovations and Advances in Computer Sciences and Engineering","author":"White Jonathan","unstructured":"Jonathan White . 2010. Creating personally identifiable honeytokens . In Innovations and Advances in Computer Sciences and Engineering . Springer . Jonathan White. 2010. Creating personally identifiable honeytokens. In Innovations and Advances in Computer Sciences and Engineering. Springer."},{"key":"e_1_2_1_126_1","first-page":"103","article-title":"Automating the generation of fake documents to detect network intruders","volume":"2","author":"Whitham Ben","year":"2013","unstructured":"Ben Whitham . 2013 . Automating the generation of fake documents to detect network intruders . International Journal of Cyber-Security and Digital Forensics (IJCSDF) 2 , 1 (2013), 103 -- 118 . Ben Whitham. 2013. Automating the generation of fake documents to detect network intruders. International Journal of Cyber-Security and Digital Forensics (IJCSDF) 2, 1 (2013), 103--118.","journal-title":"International Journal of Cyber-Security and Digital Forensics (IJCSDF)"},{"key":"e_1_2_1_127_1","doi-asserted-by":"publisher","DOI":"10.24251\/HICSS.2017.733"},{"key":"e_1_2_1_129_1","doi-asserted-by":"publisher","DOI":"10.1109\/IAW.2004.1437806"},{"key":"e_1_2_1_131_1","volume-title":"Recent Trends in Information Reuse and Integration","author":"Zhang Du","unstructured":"Du Zhang . 2012. The utility of inconsistency in information security and digital forensics . In Recent Trends in Information Reuse and Integration . Springer . Du Zhang. 2012. The utility of inconsistency in information security and digital forensics. In Recent Trends in Information Reuse and Integration. Springer."}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3214305","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3214305","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:54:19Z","timestamp":1750287259000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3214305"}},"subtitle":["A Research Perspective"],"short-title":[],"issued":{"date-parts":[[2018,7,25]]},"references-count":126,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2019,7,31]]}},"alternative-id":["10.1145\/3214305"],"URL":"https:\/\/doi.org\/10.1145\/3214305","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,7,25]]},"assertion":[{"value":"2017-08-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-04-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-07-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}