Automating the Generation of Enticing Text Content for High-Interaction Honeyfiles

Whitham, Ben

doi:10.24251/hicss.2017.733

Cited by 28 publications

(25 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One of challenges the previous works try to address is how to make fake files as real as possible. To address this challenge, HoneyGen is proposed, which automatically generates fake files by profiling existing real files [12]. Fake files are also utilized to detect ransomware [13].…”

Section: Related Work a Deception Technologymentioning

confidence: 99%

PhantomFS: File-Based Deception Technology for Thwarting Malicious Users

Lee

Choi

Lee³

et al. 2020

IEEE Access

View full text Add to dashboard Cite

File-based deception technologies can be used as an additional security barrier when adversaries have successfully gained access to a host evading intrusion detection systems. Adversaries are detected if they access fake files. Though previous works have mainly focused on using user data files as decoys, this concept can be applied to system files. If so, it is expected to be effective in detecting malicious users because it is very difficult to commit an attack without accessing a single system file. However, it may suffer from excessive false alarms by legitimate system services such as file indexing and searching. Legitimate users may also access fake files by mistake. This paper addresses this issue by introducing a hidden interface. Legitimate users and applications access files through the hidden interface which does not show fake files. The hidden interface can also be utilized to hide sensitive files by hiding them from the regular interface. By experiments, we demonstrate the proposed technique incurs negligible performance overhead, and it is an effective countermeasure to various attack scenarios and practical in that it does not generate false alarms for legitimate applications and users.

show abstract

Section: Related Work a Deception Technologymentioning

confidence: 99%

PhantomFS: File-Based Deception Technology for Thwarting Malicious Users

Lee

Choi

Lee³

et al. 2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…The paper proposes an alternative approach that selects the honeywords from existing user passwords in the system in order to provide realistic honeywords, a perfectly flat honeyword generation method which reduce the storage cost. Ben Whitham [7]…”

Section: B Conventional Encryptionmentioning

confidence: 99%

Technique to Thwart Brute-Force Attack : A Survey

James¹,

Dileesh²

2020

IJSRSET

View full text Add to dashboard Cite

Most encryption techniques have one essential problem that is they are vulnerable to brute-force attacks. Techniques used to prevent brute force attacks are increasing password length, password complexity, limit login attempts, using captcha, two factor authentication etc. A new mechanism to prevent against brute-force attack was introduced and this mechanism is known as Deception Model. Deception-based security mechanisms focus on altering adversaries perception in a way that can confuse them and waste their time and resources. This technique exploit adversaries biases and present them with a plausible looking but fake data. This technique can be used to serve for encrypting e-mail messages, human-generated messages and documents that are stored at different platforms. This paper will offer an detailed study of the current situation of Deception Model.

show abstract

“…They are observable by means of file-access monitoring, and more flexible than comments and DB-entries, but have the downside of interfering with usage and might be mistakenly found by legitimate users. Typically, the most effort for this decoy type is devoted to contextual adaptation [16], which is not part of this work. (g) File metadata (D 7 ): Information that is not part of the content itself is frequently of sensitive nature as well.…”

Section: Decoy Elementsmentioning

confidence: 99%

“…This can be prevented by determining suitable metadata based on the environment. Context-sensitivity is the objective of previous research work [16], [29]- [31], and not part of this work. (b) Process information: An attacker with system access may identify suspicious processes running on…”

Section: Security Analysismentioning

confidence: 99%

Deep Down the Rabbit Hole: On References in Networks of Decoy Elements

Reti

Fraunholz

Zemitis

et al. 2020

2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)

View full text Add to dashboard Cite

Deception technology has proven to be a sound approach against threats to information systems. Aside from well-established honeypots, decoy elements, also known as honeytokens, are an excellent method to address various types of threats. Decoy elements are causing distraction and uncertainty to an attacker and help detecting malicious activity. Deception is meant to be complementing firewalls and intrusion detection systems. Particularly insider threats may be mitigated with deception methods. While current approaches consider the use of multiple decoy elements as well as context-sensitivity, they do not sufficiently describe a relationship between individual elements. In this work, interreferencing decoy elements are introduced as a plausible extension to existing deception frameworks, leading attackers along a path of decoy elements. A theoretical foundation is introduced, as well as a stochastic model and a reference implementation. It was found that the proposed system is suitable to enhance current decoy frameworks by adding a further dimension of inter-connectivity and therefore improve intrusion detection and prevention.

show abstract

Automating the Generation of Enticing Text Content for High-Interaction Honeyfiles

Abstract: Abstract

Cited by 28 publications

References 24 publications

PhantomFS: File-Based Deception Technology for Thwarting Malicious Users

PhantomFS: File-Based Deception Technology for Thwarting Malicious Users

Technique to Thwart Brute-Force Attack : A Survey

Deep Down the Rabbit Hole: On References in Networks of Decoy Elements

Contact Info

Product

Resources

About