Catching the Wily Hacker: A multilayer deception system

Wang, Wei; Bickford, Jeffrey; Murynets, Ilona; Subbaraman, Ramesh; Forte, Andrea; Singaraju, Gokul

doi:10.1109/sarnof.2012.6222760

Cited by 16 publications

(8 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Deception has also been studied for files/documents (Yuill et al 2004;Voris, Boggs, and Stolfo 2012;Chakraborty et al 2019), software code (Park and Stolfo 2012), and at the systems level (Jajodia et al 2016(Jajodia et al , 2017Wang et al 2012). A honeypot scheme has been proposed in (Yuill et al 2004), which distributed decoy honey files throughout the system so that alerts are triggered as soon as an attacker breaks into the system and accesses a honey file.…”

Section: Related Workmentioning

confidence: 99%

Randomized Generation of Adversary-aware Fake Knowledge Graphs to Combat Intellectual Property Theft

Kang

Molinaro

Pugliese

et al. 2021

AAAI

View full text Add to dashboard Cite

Knowledge Graphs (KGs) can be used to store information about software design, biomedical designs, and financial information---all domains where intellectual property and/or specialized knowledge must be kept confidential. Moreover, KGs can also be used to represent the content of technical documents. In order to deter theft of intellectual property via cyber-attacks, we consider the following problem: given a KG K0 (e.g., representing a software or biomedical device design or the content of a technical document), can we automatically generate a set of KGs that are similar enough to K0 (so they are hard to discern as synthetic) but sufficiently different (so as to be wrong)? If this is possible, then we will be one step closer to automatically generating fake KGs that an adversary has difficulty distinguishing from the original. We will also be closer to automatically generating documents corresponding to fake KGs so that an adversary who steals such documents has difficulty distinguishing the real from the fakes. We formally define this problem and prove that it is NP-hard. We show that obvious approaches to solving this problem do not satisfy a novel concept of "adversary-awareness" that we define. We provide a graph-theoretic characterization of the problem and leverage it to devise an "adversary-aware" algorithm. We validate the efficacy of our algorithm on 3 diverse real-world datasets, showing that it achieves high levels of deception.

show abstract

Section: Related Workmentioning

confidence: 99%

Randomized Generation of Adversary-aware Fake Knowledge Graphs to Combat Intellectual Property Theft

Kang

Molinaro

Pugliese

et al. 2021

AAAI

View full text Add to dashboard Cite

show abstract

“…The files reside on a file server, and the server sends an alarm when a honeyfile is accessed [46]. In [47], Wang et. al.…”

Section: User Machine Cloud Providermentioning

confidence: 99%

Mitigating Data Exfiltration in SaaS Clouds

Wilson¹,

Avery

2019

JBTL

View full text Add to dashboard Cite

Existing processes and methods for incident handling are geared towards infrastructures and operational models that will be increasingly outdated by cloud computing. Research has shown that to adapt incident handling to cloud computing environments, cloud customers must establish clarity about their requirements on Cloud Service Providers (CSPs) for successful handling of incidents and contract CSPs accordingly. Secondly, CSPs must strive to support these requirements and mirror them in their Service Level Agreements. Intrusion Detection Systems (IDS) have been used widely to detect malicious behaviors in network communication and hosts. Facing new application scenarios in Cloud Computing, the IDS approaches yield several problems since the operator of the IDS should be the user, not the administrator of the Cloud infrastructure. Cloud providers need to enable possibilities to deploy and configure IDS for the user - which poses its own challenges. Current research and commercial solutions primarily focus on protecting against Denial of Service attacks and attacks against the Cloud’s virtual infrastructure. To counter these challenges, we propose a capability that aims to both detect and prevent the potential of data exfiltration by using a novel deception-based methodology. We also introduce a method of increasing the data protection level based on various threat conditions.

show abstract

“…This is a very labor intensive task". Even a recent solution proposed by Wang et al [29] requires a new software module to be developed for each topic. This approach is not scalable [25] and is at odds with the 'ease of use' security product design principle [2].…”

Section: Honeyfile Diffusionmentioning

confidence: 99%

“…One key advantage is that their content can entice external threat actors (who typically scan newly accessed file systems to identify valuable documents) [30] [29]. Highinteraction honeyfiles are also effective against malicious insiders masquerading as legitimate users; the attacker's lack of knowledge of the victim's access profile (files, locations of important directories, available applications, etc.)…”

mentioning

confidence: 99%