Home

Software-based Decoy System for Insider Threats

Younghee Park; Salvatore Stolfo

Title:
Software-based Decoy System for Insider Threats
Author(s):
Park, Younghee
Stolfo, Salvatore
Date:
Type:
Articles
Department:
Computer Science
Permanent URL:
Book/Journal Title:
Proceedings of the 7th International Symposium on ACM Symposium on Information, Computer and Communications Security (ASIACCS 2012), Seoul, May 2-4, 2012
Publisher:
ACM Press
Publisher Location:
New York
Abstract:
Decoy technology and the use of deception are useful in securing critical computing systems by confounding and confusing adversaries with fake information. Deception leverages uncertainty forcing adversaries to expend considerable effort to differentiate realistic useful information from purposely planted false information. In this paper, we propose software-based decoy system that aims to deceive insiders, to detect the exfiltration of proprietary source code. The proposed system generates believable Java source code that appear to an adversary to be entirely valuable proprietary software. Bogus software is generated iteratively using code obfuscation techniques to transform original software using various transformation methods. Beacons are also injected into bogus software to detect the exfiltration and to make an alert if the decoy software is touched, compiled or executed. Based on similarity measurement, the experimental results demonstrate that the generated bogus software is different from the original software while maintaining similar complexity to confuse an adversary as to which is real and which is not.
Subject(s):
Computer science
Item views:
133
Metadata:
text | xml

In Partnership with the Center for Digital Research and Scholarship at Columbia University Libraries/Information Services | Terms of Use