Abstract

We discuss the architecture of a defensive deception capability that we dubbed Phantom I/O Projector. The projector consists of kernel modules that project the existence and operation of I/O devices which are, in fact, dynamic decoys. The projector can detect malware on the very first encounter with it and can operate on machines in production. It is safe for users and can coexist with production functions. We tested the projector's architecture by experimenting with a decoy webcam against notorious malware families with a long history of spying on users. They have caused serious cyber incidents, some of which were widely covered by the news media. The projector detects this malware on first contact, with zero knowledge of its inner workings, and without the user's involvement in, or awareness of, the decoy webcam.
