Fox in the Trap: Thwarting Masqueraders via Automated Decoy Document Deployment
Organizations face a persistent challenge in detecting malicious insiders as well as outside attackers who compromise legitimate credentials and then masquerade as insiders. No matter how good an organization’s perimeter defenses are, eventually they will be compromised or betrayed from the inside. Monitored decoy documents (honey files with enticing names and content) are a promising approach to aid in the detection of malicious masqueraders and insiders. In this paper, we present a new technique for decoy document distribution that can be used to improve the scalability of insider detection. We develop a placement application that automates the deployment of decoy documents, and we report on two user studies to evaluate its effectiveness. The first study indicates that our automated decoy distribution tool is capable of strategically placing decoy files in a way that offers security comparable to optimal manual deployment. In the second user study, we measure how frequently normal users access decoy documents on their own systems and show that decoy files do not significantly interfere with normal user tasks.
Also Published In
- Proceedings of the Eighth European Workshop on System Security
More About This Work
- Academic Units: Computer Science
- Published Here: July 14, 2015
Presented at the European Workshop on System Security (EuroSec); 2015.