Protecting Institutions of Higher Learning in Kenya: A Scalable Hybrid Decoy Framework against Cyber Threats
Abstract
Cybersecurity threats are malicious acts that seek to damage, steal, or gain
unauthorized access to information. Institutions of higher learning in Kenya have
adopted information systems in their service delivery. However, their preparedness
to deal with emerging threats in their cyberspace is limited by the techniques
available to detect, alert on, and deflect cyber threats before they cause
significant harm. The main objective of this study was to develop a scalable decoy
framework for use in institutions of higher learning. The research was carried out in
two phases. The first phase comprised a preliminary study that solicited responses
from 84 ICT personnel drawn from 42 Kenyan institutions selected through purposive
sampling. Primary data were collected with structured questionnaires and analysed
descriptively. The findings revealed that the institutions had recorded cyber attacks
within the twelve months preceding the study, and that the tools and techniques in
place were inadequate for detecting significant threats. The second phase entailed
designing the framework prototype using Linux containers as front-end and back-end
decoys, monitoring attacker sessions with HonSSH, and presenting results graphically
with Grafana. The decoys were arranged in layers: the front-end decoy concealed the
back-end decoy, being configured to capture the attacker's commands and reroute them
to the back end over a secure tunnel, while the back-end decoy processed the commands
received through the front end and returned the feedback. User activity and network
traffic were simulated with the GHOSTS (General HOSTS) framework to make the
environment more convincing to the attacker, whose virtual machine ran Kali Linux.
Scalability, latency, and throughput were used as metrics of the framework's
effectiveness; decoy data were parsed by Logstash and pipelined to Kibana for
visualisation. The experimental results show that the system effectively misdirected
attacker commands by combining a deceptive network setup with fabricated user and
network activity, at an average latency of 0.0015 s, a throughput of 864 Mbit/s, and a
decoy boot time of 7.485 s. The study strongly recommends deploying cyber decoys in
institutional networks as a proactive security measure, given their efficient use of
computing resources. The framework will help cybersecurity professionals protect
institutions of higher learning from stealthy and sophisticated attacks, and the work
contributes to knowledge on designing and developing effective deceptive decoy tools
in cybersecurity research.
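As an added illustration of the layered design the abstract describes (this is not code from the study or from HonSSH), the Python script below stands up a front-end decoy that captures each attacker command, reroutes it to a hidden back-end decoy over a separate connection, and records the round-trip latency the abstract reports as a metric. A loopback TCP connection stands in for the secure SSH tunnel and the HonSSH hop, the canned back-end replies and host names are constructed sample data, and all ports are chosen by the OS; none of these details come from the paper.

```python
"""Layered decoy relay: attacker -> front-end decoy -> (tunnel) -> back-end decoy.

Illustration added to this page; NOT code from the study.  Loopback TCP stands
in for the secure tunnel / HonSSH hop; replies and host names are constructed.
"""
import socket
import socketserver
import threading
import time
from typing import Dict, List, Tuple

# Constructed canned replies: what the back-end decoy feeds back for a command.
FAKE_REPLIES: Dict[str, str] = {
    "whoami": "student\n",
    "hostname": "exams-db01\n",          # assumed decoy host name
    "ls": "backups  grades.csv  notes.txt\n",
}


def backend_process(cmd: str) -> str:
    """Back-end decoy logic: answer one command with exactly one line."""
    cmd = cmd.strip()
    return FAKE_REPLIES.get(cmd, f"bash: {cmd}: command not found\n")


class BackendHandler(socketserver.StreamRequestHandler):
    """One command per tunnel connection: read a line, reply, close."""

    def handle(self) -> None:
        line = self.rfile.readline().decode(errors="replace")
        if line:
            self.wfile.write(backend_process(line).encode())


class BackendDecoy(socketserver.ThreadingTCPServer):
    allow_reuse_address = True

    def __init__(self) -> None:
        # Port 0: the OS picks a free port; server_address then holds it.
        super().__init__(("127.0.0.1", 0), BackendHandler)


class FrontendHandler(socketserver.StreamRequestHandler):
    """Attacker-facing shell: never answers itself, reroutes every line."""

    def handle(self) -> None:
        for raw in self.rfile:                      # one line per command
            reply = self.server.reroute(self.client_address[0], raw)
            self.wfile.write(reply.encode())


class FrontendDecoy(socketserver.ThreadingTCPServer):
    allow_reuse_address = True

    def __init__(self, backend_address: Tuple[str, int]) -> None:
        super().__init__(("127.0.0.1", 0), FrontendHandler)
        self.backend_address = backend_address    # never revealed to the attacker
        self.captured: List[Dict[str, object]] = []
        self._lock = threading.Lock()

    def reroute(self, peer: str, raw: bytes) -> str:
        """Capture the command, send it down the tunnel, time the round trip."""
        if not raw.endswith(b"\n"):               # back end reads whole lines
            raw += b"\n"
        t0 = time.perf_counter()
        with socket.create_connection(self.backend_address, timeout=5) as tunnel:
            tunnel.sendall(raw)
            chunks = []
            while chunk := tunnel.recv(4096):     # back end closes after reply
                chunks.append(chunk)
        reply = b"".join(chunks).decode(errors="replace")
        record = {"ts": time.time(), "peer": peer,
                  "cmd": raw.decode(errors="replace").rstrip("\n"),
                  "reply": reply, "latency_s": time.perf_counter() - t0}
        with self._lock:
            self.captured.append(record)
        return reply


def start_decoys() -> Tuple[FrontendDecoy, BackendDecoy]:
    """Launch both decoys on loopback in background threads."""
    backend = BackendDecoy()
    frontend = FrontendDecoy(backend.server_address)
    for srv in (backend, frontend):
        threading.Thread(target=srv.serve_forever, daemon=True).start()
    return frontend, backend


def stop_decoys(*servers: socketserver.BaseServer) -> None:
    for srv in servers:
        srv.shutdown()
        srv.server_close()


def attacker_session(frontend_address: Tuple[str, int], commands: List[str]) -> List[str]:
    """Attacker side (stand-in for the Kali VM): send commands, collect replies."""
    replies = []
    with socket.create_connection(frontend_address, timeout=5) as s:
        with s.makefile("rwb") as f:
            for cmd in commands:
                f.write(cmd.encode() + b"\n")
                f.flush()
                replies.append(f.readline().decode(errors="replace"))
    return replies


def average_latency(frontend: FrontendDecoy) -> float:
    """Mean per-command round trip through the tunnel, in seconds."""
    with frontend._lock:
        lat = [r["latency_s"] for r in frontend.captured]
    return sum(lat) / len(lat) if lat else 0.0


if __name__ == "__main__":
    fe, be = start_decoys()
    cmds = ["whoami", "ls", "cat /etc/shadow"]
    for cmd, out in zip(cmds, attacker_session(fe.server_address, cmds)):
        print(f"$ {cmd}\n{out}", end="")
    print(f"captured {len(fe.captured)} commands, "
          f"mean latency {average_latency(fe):.6f} s")
    stop_decoys(fe, be)
```

In the study's deployment the front-end role is played by HonSSH proxying SSH sessions into the back-end container, and the captured records would be shipped to Logstash rather than kept in memory; the point of the relay above is that the attacker only ever sees the front-end address while every command and its timing is recorded before the back end answers.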