Creation and Management of Social Network Honeypots for Detecting Targeted Cyber Attacks

Paradise, Abigail; Shabtai, Asaf; Puzis, Rami; Elyashar, Aviad; Elovici, Yuval; Roshandel, Mehran; Peylo, Christoph

doi:10.1109/tcss.2017.2719705

Cited by 48 publications

(26 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Existing detection methods mainly aim at detecting attacks in social network by a series of abnormal states of accounts, the content of messages, or the social relationship of users. There are little related works in the early stages of attacks in social network [20,[23][24][25], and our approach is primarily aimed at the reconnaissance stage of the attack. At this stage, the attacker collects and analyzes users' information and selects the appropriate attack target and method.…”

Section: Related Workmentioning

confidence: 99%

Stopping the Cyberattack in the Early Stage: Assessing the Security Risks of Social Network Users

Feng

et al. 2019

Security and Communication Networks

View full text Add to dashboard Cite

Online social networks have become an essential part of our daily life. While we are enjoying the benefits from the social networks, we are inevitably exposed to the security threats, especially the serious Advanced Persistent Threat (APT) attack. The attackers can launch targeted cyberattacks on a user by analyzing its personal information and social behaviors. Due to the wide variety of social engineering techniques and undetectable zero-day exploits being used by attackers, the detection techniques of intrusion are increasingly difficult. Motivated by the fact that the attackers usually penetrate the social network to either propagate malwares or collect sensitive information, we propose a method to assess the security risk of the user being attacked so that we can take defensive measures such as security education, training, and awareness before users are attacked. In this paper, we propose a novel user analysis model to find potential victims by analyzing a large number of users’ personal information and social behaviors in social networks. For each user, we extract three kinds of features, i.e., statistical features, social-graph features, and semantic features. These features will become the input of our user analysis model, and the security risk score will be calculated. The users with high security risk score will be alarmed so that the risk of being attacked can be reduced. We have implemented an effective user analysis model and evaluated it on a real-world dataset collected from a social network, namely, Sina Weibo (Weibo). The results show that our model can effectively assess the risk of users’ activities in social networks with a high area under the ROC curve of 0.9607.

show abstract

Section: Related Workmentioning

confidence: 99%

Stopping the Cyberattack in the Early Stage: Assessing the Security Risks of Social Network Users

Feng

et al. 2019

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Khattab et al (2006) and Moore (2016) examine how honeypot principles could be utilized to detect and mitigate attacks, such as spoofing, 2 DDOS, and ransomware attacks. Paradise et al (2017) investigate the application of honeypots to the reconnaissance phase of advanced persistent threats (APTs) as a way to collect basic indications of potential forthcoming attacks. A common theme to these articles is that honeypots can add an additional layer of security for networks and provide security capabilities not possible by other measures.…”

Section: Deception Detection and Mitigationmentioning

confidence: 99%

“…In many cases, the organization may not become aware of the intrusion for a substantial period of time, compounding the impact on the organization. The longer the time lag, the more difficult it will be for cybersecurity specialists to understand how the attack was performed and apply this learning to prevent future attacks (Paradise et al, 2017). If a honeypot had been employed, a more desirable outcome would occur.…”

Section: Solution: a Proactive Cyber Risk Management Techniquementioning

confidence: 99%

Integrating a Proactive Technique Into a Holistic Cyber Risk Management Approach

Marotta¹,

McShane²

2018

Risk Manage Insurance Review

View full text Add to dashboard Cite

Cyber threats are an emerging risk posing a range of challenges to organizations of all sizes. Corporate risk managers need to understand that cyber risk management must not be a silo in the IT department. Cyber threats are the result of intelligent adaptive agents that cannot be managed by traditional risk management techniques only. The article describes the honeypot concept, which is a proactive measure for identifying and gathering information about attackers in order to develop suitable and effective countermeasures. In addition, this article proposes the integration of the honeypot concept into a cyber risk management approach based on the five preparedness mission areas of the Federal Emergency Management Agency (FEMA).

show abstract

“…In order to evaluate the proposed method for profile generation, we used the dataset from a case study that was collected and used in [15]. The dataset contains 20,673 users with details including: first name, last name, age, address, birthdate, education record (educational institutions, years of study, and education types), and employment record (places of employment, years, and positions).…”

Section: A Real CV Database Descriptionmentioning

confidence: 99%

ProfileGen: Generation of Automatic and Realistic Artificial Profiles

Paradise

Cohen

Shabtai

et al. 2018

2018 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM)

Self Cite

View full text Add to dashboard Cite

Online social networks (OSNs) are abused by cyber criminals for various malicious activities. One of the most effective approaches for detecting malicious activity in OSNs involves the use of social network honeypotsartificial profiles that are deliberately planted within OSNs in order to attract abusers. Honeypot profiles have been used in detecting spammers, potential cyber attackers, and advanced attackers. Therefore, there is a growing need for the ability to reliably generate realistic artificial honeypot profiles in OSNs. In this research we present 'ProfileGen' -a method for the automated generation of profiles for professional social networks, giving particular attention to producing realistic education and employment records. 'ProfileGen' creates honeypot profiles that are similar to actual data by extrapolating the characteristics and properties of real data items. Evaluation by 70 domain experts confirms the method's ability to generate realistic artificial profiles that are indistinguishable from real profiles, demonstrating that our method can be applied to generate realistic artificial profiles for a wide range of applications.

show abstract

Creation and Management of Social Network Honeypots for Detecting Targeted Cyber Attacks

Cited by 48 publications

References 27 publications

Stopping the Cyberattack in the Early Stage: Assessing the Security Risks of Social Network Users

Stopping the Cyberattack in the Early Stage: Assessing the Security Risks of Social Network Users

Integrating a Proactive Technique Into a Holistic Cyber Risk Management Approach

ProfileGen: Generation of Automatic and Realistic Artificial Profiles

Contact Info

Product

Resources

About