Brendan Dolan-Gavitt, assistant professor of computer science and engineering at NYU Tandon was one of the researchers on this study.
That’s the basis for a new approach developed by Zhenghao Hu and colleagues at New York University. Why not fill ordinary code with benign bugs as a way of fooling potential attackers? The idea is to force attackers to use up their resources finding and testing bugs that will be of no use to them. Hu and co call these decoys “chaff bugs,” in analogy to the aluminum strips used to fool radar operators. The idea is just the latest move in an increasingly complex cat-and-mouse game pitting security experts against attackers.