dc.description.abstract | Cybersecurity threats are malicious acts that seek to damage, steal, or gain
unauthorized access to information. Higher institutions of learning in Kenya have
adopted the use of information systems in their service delivery. However, their level
of preparedness to deal with emerging threats in their cyberspace is limited by
techniques used to detect, inform, and deflect the cyber threats before they cause much
harm. The main objective of this research study was to develop a scalable decoy
framework for use in institutions of higher learning. The research process was done in
two phases; the first phase encompassed preliminary studies that involved soliciting
responses from 84 ICT personnel drawn from 42 institutions in Kenya selected
through the purposive sampling method. This study made use of primary data
collected using structured questionnaires, then descriptively analyzed. The findings
revealed the institutions recorded cyber attacks within twelve months of the research
period, and the main tools and techniques in place are inefficient to detect significant
threats. The second phase entailed designing the framework prototype using Linux
containers as decoys in the front and back end and monitoring the attacks using
HonSSH, while graphical presentation used Grafana. The decoys were set in a layered
approach. The front-end decoy hid the back-end decoy by internally configuring the
front-end decoy to capture and reroute the attacker commands via a secure tunnel. The
back-end decoy did the processing of commands issued through the front-end decoy
then gave feedback. Simulation of user activities and network traffic generation was
achieved using the General HOSTS framework to make it more realistic to the
attacker. The attacker's virtual machine used Kali Linux. Scalability, latency, and
throughput metrics were used to test the framework's effectiveness; decoy data
analysis was done by logstash and pipelined to Kibana for visualization. The
experimental results demonstrate that the system effectively misdirected commands
by combining deceptive network setup and configurations and generating fake user
and network activities with an average latency of 0.0015s, throughput 864Mbits/s, and
boot speed 7.485s. The study highly recommends including cyber decoys in the
institutions network to boost security in a proactive approach due to effectiveness in
utilizing computing resources. The framework will help cybersecurity professionals
protect higher institutions of learning from stealthy and sophisticated attacks. This
research work contributes to knowledge in designing and developing effective
deceptive decoys tools in cybersecurity research. | en_US |