Cybersecurity is developing rapidly, and new methods of defence against attackers are appearing, such as Cyber Deception (CYDEC). CYDEC consists of deceiving an adversary, who carries out actions without realising that he/she is being deceived. This article proposes the design, implementation, and evaluation of a deception mechanism based on the stealthy redirection of TCP communications to an on-demand honey server with the same characteristics as the victim asset, i.e., a clone. Thanks to the stealthy redirection, such a mechanism ensures that the defender fools the attacker. In this situation, the attacker focuses on attacking the honey server, which in turn enables the collection of relevant information to generate threat intelligence. Experiments in different scenarios show that the proposed solution can effectively redirect an attacker to a copied asset on demand, thus protecting the real asset. Finally, the results obtained by evaluating the latency times show that the redirection is undetectable by humans and very difficult to detect by a machine.