Network security is an important issue in modern computer networks. An effective way of preventing attacks is to intercept and identify suspicious activities before they affect the real systems. Decoys, also referred to as honeypots, are often deployed for this purpose. Products such as NetFacade and Neils Provos' honeyd can be used to imitate real production systems on a network and aim to collect information about probes, attacks, and compromises that would otherwise target actual systems. Suspicious activities are usually reported so that further actions can be taken.
In static networks where devices are assigned known static IP addresses, deploying decoys is typically accomplished by assigning some unused static IP addresses as decoy addresses. Assigning decoy sometimes involves manual configuration by a network administrator or similarly privileged user, and usually requires knowledge of the configuration of the network.
In dynamic networks, devices are assigned dynamic addresses that may change over time, making the assignment of decoy addresses more difficult. Thus, decoys are typically not deployed in dynamic networks. Leaving dynamic networks unprotected by decoys weakens the security of the environment since pre-attack activities may go undetected. Knowing that the dynamic desktop environments are often less secure, attackers typically attack these environments first.
It would be useful to have a technique that would allow for deployment of decoys in a dynamic network. It would also be useful if the technique would not disrupt the normal operations of the network during deployment and operation.