Deception technology attempts to lure an attacker into attacking decoy computing systems to prevent the attacker from attacking other systems. For example, honeypots and honeynets attract an attacker and intentionally allow the attacker into the computing environment, keeping the attacker trapped within the environment. To effectively lure attackers, a deception system needs to use appropriate vulnerable software that attackers would try to exploit, based on likely attacks or crucial attacks that need to be prevented. After an attacker enters a deception system, the right vulnerabilities need to be deployed to trap the attacker for as long as possible.
Unfortunately, attacks and vulnerabilities generally change over time, and attackers may not continue to be attracted by older vulnerabilities. Additionally, in the example of a honeynet, attackers may suspect a deception system and leave the honeynet if multiple machines deploy the same vulnerable software or a machine deploys multiple unrelated vulnerabilities. Furthermore, with a large number of software and software versions, the number of possible configurations may quickly increase. Thus, it may be difficult to select the best combinations of vulnerabilities to use in trapping attackers. The instant disclosure, therefore, identifies and addresses a need for better systems and methods for creating a deception computing system.