Decepto works as controller extending the Kubernetes API to automatically clone individual microservices from any cloud-native application and configures them as high-interaction decoys interwoven with the production environment. Additionally, each decoy is equipped with advanced functionalities to detect and monitor malicious activity effectively. By using decoys that mimic legitimate system components, service providers can reliably detect and monitor stealthy attackers.
Ongoing developments aim to improve the orchestration algorithm behind Decepto with the aim to satisfy pre-defined security requirements, while ensuring a minimal resource utilisation and no interference with the cloud-native applications.
The code of Decepto is available on GitHub.
Selected Publications
-
Daniele Santoro, Marco Zambianco, Claudio Facchinetti, Domenico Siracusa
Demo: Cloud-native Cyber Deception with Decepto
In: Proceedings of 2024 IEEE Symposium on Computers and Communications (ISCC) (DOI) -
Marco Zambianco, Claudio Facchinetti, Roberto Doriguzzi Corin, Domenico Siracusa
Resource-aware Cyber Deception for Microservice-based Applications
In: IEEE Transactions on Services Computing (DOI)
