Cybersecurity is developing rapidly, and new methods of defence against attackers are appearing, such as Cyber Deception (CYDEC). CYDEC consists of deceiving an adversary, who carries out actions without realising that he/she is being deceived. This article proposes the design, implementation, and evaluation of a deception mechanism based on the stealthy redirection of TCP communications to an on-demand honey server with the same characteristics as the victim asset, i.e., a clone. Because the redirection is stealthy, the mechanism ensures that the defender fools the attacker. In this situation, the attacker focuses on attacking the honey server, which enables the collection of relevant information to generate threat intelligence. Experiments in different scenarios show that the proposed solution can effectively redirect an attacker to a copied asset on demand, thus protecting the real asset. Finally, the results obtained by evaluating latency times show that the redirection is undetectable by humans and very difficult to detect by a machine.