Baiting Inside Attackers using Decoy Documents

Bowen, Brian M.; Hershkop, Shlomo; Keromytis, Angelos D.; Stolfo, Salvatore J.

doi:10.21236/ada500672

Cited by 35 publications

(35 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Indeed, an APT aims to take control of a legitimate host inside of an organization, and the attacker will try to emulate normal behavior in order to avoid detection. However, an important difference is that an insider may not need to exfiltrate the data through a network, hence many approaches of insider threat detection focus on host-based logs [36] and honeypot strategies [37] instead of analyzing network traffic as it is done in our approach. An important observation is that the framework proposed in this paper could be easily integrated in insider threat detection systems: its approach based on traffic analyses can contribute significantly to existing insider threat solutions, although insider threat detection is not its primary objective.…”

Section: Insider Threatmentioning

confidence: 99%

Analysis of high volumes of network traffic for Advanced Persistent Threat detection

et al. 2016

View full text Add to dashboard Cite

Advanced Persistent Threats (APTs) are the most critical menaces to modern organizations and the most challenging attacks to detect. They span over long periods of time, use encrypted connections and mimic normal behaviors in order to evade detection based on traditional defensive solutions. We propose an innovative approach that is able to analyze efficiently high volumes of network traffic to reveal weak signals related to data exfiltrations and other suspect APT activities. The final result is a ranking of the most suspicious internal hosts; this rank allows security specialists to focus their analyses on a small set of hosts out of the thousands of machines that typically characterize large organizations. Experimental evaluations in a network environment consisting of about 10K hosts show the feasibility and effectiveness of the proposed approach. Our proposal based on security analytics paves the way to novel forms of automatic defense aimed at early detection of APTs in large and continuously varying networked systems

show abstract

Section: Insider Threatmentioning

confidence: 99%

Analysis of high volumes of network traffic for Advanced Persistent Threat detection

et al. 2016

View full text Add to dashboard Cite

show abstract

“…On the data level we find solutions such as the honeywords and honeydocuments. The honeyword method [1] hides the password of a user between k hash values of random passwords, and honeydocuments [6] is again a trapbased mechanism which uses decoy documents. All these mechanisms serve as a safeguard against adversaries who try to get unauthorized data access.…”

Section: Biometric Templates As Honey Objectsmentioning

confidence: 99%

“…Our first test to this regard is between the plain feature vectors c tst and the protected templates ST of user i. The general mathematical formula we have used is: (6) where var (x) is the variance of the vector x, and it is interpreted as the covariance of x with itself. The covariance cov(x, y) between vectors x and y shows how much the two vectors differ from each other.…”

Section: Correlation Test Between Plain Feature Vectors and Protectedmentioning

confidence: 99%

Protected Honey Face Templates

Martiri

Yang

Busch

2015

2015 International Conference of the Biometrics Special Interest Group (BIOSIG)

View full text Add to dashboard Cite

Most existing biometric template protection schemes (BTPS) do not provide as strong security as cryptographic tools; and furthermore, they are rarely able to detect during a verification process whether a probe template has been leaked from the database or not (i.e., being used by an imposter or a genuine user). By using the "honeywords" idea, which was proposed to detect the cracking of hashed password database, we show in this paper how to enable the detectability of biometric template database leakage. We add an extra layer of protection since biometric features cannot be renewed. The biometric system design implies that protection mechanisms must satisfy the irreversibility property and to this respect we apply different correlation tests to show the non-distinguishability between genuine and honey templates. In this paper we implement the idea of a honey template protection scheme on faces and evaluate the security and accuracy performance.

show abstract

“…Bowen et al [10] suggested using decoy documents to require an attacker to distinguish real information from false information, thereby confusing the attacker; this also allows the defenders to monitor those decoys, and hence the actions of the attackers. Ben Salem and Stolfo [7] characterize the desirable properties of decoys they have found effective.…”

Section: Deception and Floodingmentioning

confidence: 99%

Forgive and forget

Bishop

Butler

et al. 2013

Proceedings of the 2013 New Security Paradigms Workshop

View full text Add to dashboard Cite

Traditionally, if someone did some act that required forgiveness, there were social norms in place for such forgiveness to happen. Over time, the act is also typically forgotten. And, should the person not be forgiven and the social pressure become too great, he had the option of moving to a new location for a fresh start. Yet with the Internet, these options are no longer available. Worse, activities which traditionally did not even require forgiveness are now impacting lives in unexpected ways, and are never forgotten. There are, however, technical approaches that could be applied to the problem, such as (1) controlling dissemination through new access control models or cryptographic approaches, (2) flooding the web with contrary information, (3) leading users to believe the information applies to someone else, (4) changing the semantics of what was written, and (5) finding a way to take advantage of the inconvenient information. In this paper we discuss the social act of forgiveness, and go into detail on the possible technical approaches to "forgetting" without deleting.

show abstract

Baiting Inside Attackers using Decoy Documents

Cited by 35 publications

References 3 publications

Analysis of high volumes of network traffic for Advanced Persistent Threat detection

Analysis of high volumes of network traffic for Advanced Persistent Threat detection

Protected Honey Face Templates

Forgive and forget

Contact Info

Product

Resources

About