DOI: 10.1145/1741866.1741880
Research article

Automating the injection of believable decoys to detect snooping

Published: 22 March 2010

Abstract

We propose a novel trap-based architecture for enterprise networks that detects "silent" attackers who are eavesdropping network traffic. The primary contributions of our work are the ease of injecting, automatically, large amounts of believable bait, and the integration of various detection mechanisms in the back-end. We demonstrate our methodology in a prototype platform that uses our decoy injection API to dynamically create and dispense network traps on a subset of our campus wireless network. Finally, we present results of a user study that demonstrates the believability of our automatically generated decoy traffic.

Published In

WiSec '10: Proceedings of the third ACM conference on Wireless network security
March 2010
186 pages
ISBN: 9781605589237
DOI: 10.1145/1741866

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. deception
  2. decoys
  3. honeyflow
  4. honeytoken
  5. traffic generation
  6. trap-based defense

Qualifiers

  • Research-article

Conference

WISEC '10
WISEC '10: Third ACM Conference on Wireless Network Security
March 22 - 24, 2010
New Jersey, Hoboken, USA

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months): 9
  • Downloads (Last 6 weeks): 2

Reflects downloads up to 03 Oct 2024

Citations

Cited By

  • (2024) Honeyquest: Rapidly Measuring the Enticingness of Cyber Deception Techniques with Code-based Questionnaires. Proceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses, pages 317-336. DOI: 10.1145/3678890.3678897. Online publication date: 30-Sep-2024
  • (2024) Application Layer Cyber Deception Without Developer Interaction. 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pages 416-429. DOI: 10.1109/EuroSPW61312.2024.00053. Online publication date: 8-Jul-2024
  • (2024) Knocking on Admin's Door: Protecting Critical Web Applications with Deception. Detection of Intrusions and Malware, and Vulnerability Assessment, pages 283-306. DOI: 10.1007/978-3-031-64171-8_15. Online publication date: 9-Jul-2024
  • (2023) File Tracking and Visualization Methods Using a Network Graph to Prevent Information Leakage. IEICE Transactions on Information and Systems, E106.D:9, pages 1339-1353. DOI: 10.1587/transinf.2022ICP0014. Online publication date: 1-Sep-2023
  • (2023) Secure Medical Data Against Unauthorized Access Using Decoy Technology in Distributed Edge Computing Networks. IEEE Access, 11, pages 144560-144573. DOI: 10.1109/ACCESS.2023.3344168. Online publication date: 2023
  • (2022) Constructing a Network Graph of File Tracking Results Against Information Leakage. 2022 17th Asia Joint Conference on Information Security (AsiaJCIS), pages 8-15. DOI: 10.1109/AsiaJCIS57030.2022.00012. Online publication date: Jul-2022
  • (2021) A Fine-grained Approach for Anomaly Detection in File System Accesses with Enhanced Temporal User Profiles. IEEE Transactions on Dependable and Secure Computing, pages 1-1. DOI: 10.1109/TDSC.2019.2954507. Online publication date: 2021
  • (2021) Three decades of deception techniques in active cyber defense - Retrospect and outlook. Computers and Security, 106:C. DOI: 10.1016/j.cose.2021.102288. Online publication date: 1-Jul-2021
  • (2019) A Deception Model Robust to Eavesdropping Over Communication for Social Network Systems. IEEE Access, 7, pages 100881-100898. DOI: 10.1109/ACCESS.2019.2928359. Online publication date: 2019
  • (2018) Secure Cyber Deception Architecture and Decoy Injection to Mitigate the Insider Threat. Symmetry, 10:1, (14). DOI: 10.3390/sym10010014. Online publication date: 2-Jan-2018
