Academic Commons

Articles

Automating the Injection of Believable Decoys to Detect Snooping

Bowen, Brian M.; Kemerlis, Vasileios; Rabhu, Pratap; Keromytis, Angelos D.; Stolfo, Salvatore

We propose a novel trap-based architecture for enterprise networks that detects "silent" attackers who are eavesdropping network traffic. The primary contributions of our work are the ease of injecting, automatically, large amounts of believable bait, and the integration of various detection mechanisms in the back-end. We demonstrate our methodology in a prototype platform that uses our decoy injection API to dynamically create and dispense network traps on a subset of our campus wireless network. Finally, we present results of a user study that demonstrates the believability of our automatically generated decoy traffic.

Subjects

Files

Also Published In

Title
WiSec'10: Proceedings of the Third ACM Conference on Wireless Network Security: Hoboken, New Jersey, March 22-24, 2010
DOI
https://doi.org/10.1145/1741866.1741880

More About This Work

Academic Units
Computer Science
Publisher
Association for Computing Machinery
Published Here
August 9, 2011
Academic Commons provides global access to research and scholarship produced at Columbia University, Barnard College, Teachers College, Union Theological Seminary and Jewish Theological Seminary. Academic Commons is managed by the Columbia University Libraries.