Lost in Translation: Improving Decoy Documents via Automated Translation

Abstract-The insider threat is one of the most pernicious in computer security. Traditional approaches typically instrument systems with decoys or intrusion detection mechanisms to detect individuals who abuse their privileges (the quintessential "insider"). Such an attack requires that these agents have access to resources or data in order to corrupt or disclose them. In this work, we examine the application of process modeling and subsequent analyses to the insider problem. With process modeling, we first describe how a process works in formal terms. We then look at the agents who are carrying out particular tasks, perform different analyses to determine how the process can be compromised, and suggest countermeasures that can be incorporated into the process model to improve its resistance to insider attack.

show abstract

“…Others study how to create effective decoys [41] and honeypots [42]. Stolfo et al [43] extend this work to the cloud.…”

Section: Related Workmentioning

confidence: 95%

Insider Threat Identification by Process Analysis

Bishop

Conboy

Phan

et al. 2014

2014 IEEE Security and Privacy Workshops

View full text Add to dashboard Cite

show abstract

“…In this paper we introduce a data-driven approach to create believable project folders that can be deployed to detect data theft attempts. Previous approaches focused on creating and placing single decoy documents( [13], [2], [10], [11]) or file systems [6]. Conceptually we also create decoys to detect data theft.…”

Section: Related Workmentioning

confidence: 99%

Towards Creating Believable Decoy Project Folders for Detecting Data Theft

Thaler

Hartog

Petković

2016

Data and Applications Security and Privacy XXX

View full text Add to dashboard Cite

Digital data theft is difficult to detect and typically it also takes a long time to discover that data has been stolen. This paper introduces a data-driven approach based on Markov chains to create believable decoy project folders which can assist in detecting potentially ongoing attacks. This can be done by deploying these intrinsically valueless folders between real project folders and by monitoring interactions with them. We present our approach and results from a user study demonstrating the believability of the generated decoy folders.

show abstract

“…In [5], a project history is simulated for a piece of bogus software is produced by introducing obfuscated software variations. Similarly, in [9], the creation of documents in foreign languages is proposed to deceive attackers without the ability to apply translation tools on the fly.…”

Section: Indistinguishabilitymentioning

confidence: 99%

A bodyguard of lies

Juels

2014

Proceedings of the 19th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

Decoy objects, often labeled in computer security with the term honey, are a powerful tool for compromise detection and mitigation. There has been little exploration of overarching theories or set of principles or properties, however. This short paper (and accompanying keynote talk) briefly explore two properties of honey systems, indistinguishability and secrecy. The aim is to illuminate a broad design space that might encompass a wide array of areas in information security, including access control, the main topic of this symposium.

show abstract

Lost in Translation: Improving Decoy Documents via Automated Translation

Cited by 32 publications

References 2 publications

Insider Threat Identification by Process Analysis

Insider Threat Identification by Process Analysis

Towards Creating Believable Decoy Project Folders for Detecting Data Theft

A bodyguard of lies

Contact Info

Product

Resources

About