Baiting Inside Attackers Using Decoy Documents

Authors: Brian M. Bowen, Shlomo Hershkop, Angelos D. Keromytis, Salvatore J. Stolfo

DOI: 10.1007/978-3-642-05284-2_4

Abstract: The insider threat remains one of the most vexing problems in computer security. A number of approaches have been proposed to detect nefarious insider actions including user modeling and profiling techniques, policy and access enforcement techniques, and misuse detection. In this work we propose trap-based defense mechanisms and a deployment platform for addressing the problem of insiders attempting to exfiltrate and use sensitive information. The goal is to confuse and confound an adversary requiring more effort to identify real information from bogus information and provide a means of detecting when an attempt to exploit sensitive information has occurred. “Decoy Documents” are automatically generated and stored on a file system by the D3 System with the aim of enticing a malicious user. We introduce and formalize a number of properties of decoys as a guide to design trap-based defenses to increase the likelihood of detecting an insider attack. The decoy documents contain several different types of bogus credentials that when used, trigger an alert. We also embed “stealthy beacons” inside the documents that cause a signal to be emitted to a server indicating when and where the particular decoy was opened. We evaluate decoy documents on honeypots penetrated by attackers demonstrating the feasibility of the method.
