The High-fidelity Adaptive Deception & Emulation System (HADES), developed by researchers at Sandia National Laboratories in the US, feeds a hacker not what he needs to know but what he wants to believe.
"Simply kicking a hacker out is next to useless. The hacker has asymmetry on his side; we have to guard a hundred possible entry points and a hacker only needs to penetrate one to get in," said Vince Urias, Sandia National Laboratories.
However, certain artifacts have been deliberately, but not obviously, altered.
"So, a hacker may report to his handler that he or she has cracked our system and will be sending back reports on what we're doing," Urias said.
Also Read
"They may have received a year or so of false information before realising something is wrong. A hacker informing his boss that he's discovered a problem doesn't do his reputation much good, he's discredited," he said.
Furthermore, when a hacker finally puzzles out something is wrong, he must display his toolkit as he tries to discern truth from fiction.
"It used to be that technologically we couldn't move a visitor to a different reality without them knowing but there's been a radical change in networking in the last 10 to 15 years, from hardware to software," said Urias.
"With the ephemerality of the network fabric, I can change realities without a hacker knowing," he said.
Like any technique, HADES has its limitations. While the simplest deceptive environment can be done on a small private computer, environments of greater fidelity require more CPU and memory resources and may thereby reduce the number of virtual environments deployable on a single server.
The technique has allowed the researchers to locate malware an adversary has placed in a system, and is capable of active attack.
Disclaimer: No Business Standard Journalist was involved in creation of this content