Page "Security through obscurity" Paragraph 8

Security through obscurity can also be used to create a risk that can detect or deter potential attackers.

For example, consider a computer network that appears to exhibit a known vulnerability.

Lacking the security layout of the target, the attacker must consider whether to attempt to exploit the vulnerability or not.

If the system is set to detect this vulnerability, it will recognize that it is under attack and can respond, either by locking the system down until proper administrators have a chance to react, by monitoring the attack and tracing the assailant, or by disconnecting the attacker.

The essence of this principle is that raising the time or risk involved, the attacker is denied the information required to make a solid risk-reward decision about whether to attack in the first place.