PhantomFS-v2: Dare You to Avoid This Trap

Choi, Jione; Lee, Hwiwon; Park, Younggi; Kim, Huy Kang; Lee, Jung‐Hee; Kim, Young-Jae; Lee, Gyu-Ho; Shim, Shinwoo; Kim, Taegyu

doi:10.1109/access.2020.3034443

Cited by 8 publications

(2 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Generally, the Honeyfile is inaccessible to legitimate users. Only attackers enumerate files in system will touch decoy files [33]. The main purpose of a readable, believable and indistinguishable design of text content are: 1) increase the likelihood of being accessed, and 2) obfuscate attacker's recognition of the real information.…”

Section: Threat Modelmentioning

confidence: 99%

EDGE: An Enticing Deceptive-content GEnerator as Defensive Deception

2021

KSII TIIS

View full text Add to dashboard Cite

Cyber deception defense mitigates Advanced Persistent Threats (APTs) with deploying deceptive entities, such as the Honeyfile. The Honeyfile distracts attackers from valuable digital documents and attracts unauthorized access by deliberately exposing fake content. The effectiveness of distraction and trap lies in the enticement of fake content. However, existing studies on the Honeyfile focus less on this perspective. In this work, we seek to improve the enticement of fake text content through enhancing its readability, indistinguishability, and believability. Hence, an enticing deceptive-content generator, EDGE, is presented. The EDGE is constructed with three steps: extracting key concepts with a semantics-aware K-means clustering algorithm, searching for candidate deceptive concepts within the Word2Vec model, and generating deceptive text content under the Integrated Readability Index (IR). Furthermore, the readability and believability performance analyses are undertaken. The experimental results show that EDGE generates indistinguishable deceptive text content without decreasing readability. In all, EDGE proves effective to generate enticing deceptive text content as deception defense against APTs.

show abstract

Section: Threat Modelmentioning

confidence: 99%

EDGE: An Enticing Deceptive-content GEnerator as Defensive Deception

2021

KSII TIIS

View full text Add to dashboard Cite

show abstract

“…HT: HT: [90], [109], [168] HT: [77], [89] HP: [53], [55]- [61], [67], [153], [160] HP: [53], [54] HP:…”

Section: B Deception Lifecyclementioning

confidence: 99%

Three Decades of Deception Techniques in Active Cyber Defense -- Retrospect and Outlook

Zhang¹,

Thing²

2021

Preprint

View full text Add to dashboard Cite

Deception techniques have been widely seen as a game changer in cyber defense. In this paper, we review representative techniques in honeypots, honeytokens, and moving target defense, spanning from the late 1980s to the year 2021. Techniques from these three domains complement with each other and may be leveraged to build a holistic deception based defense. However, to the best of our knowledge, there has not been a work that provides a systematic retrospect of these three domains all together and investigates their integrated usage for orchestrated deceptions. Our paper aims to fill this gap. By utilizing a tailored cyber kill chain model which can reflect the current threat landscape and a four-layer deception stack, a twodimensional taxonomy is developed, based on which the deception techniques are classified. The taxonomy literally answers which phases of a cyber attack campaign the techniques can disrupt and which layers of the deception stack they belong to. Cyber defenders may use the taxonomy as a reference to design an organized and comprehensive deception plan, or to prioritize deception efforts for a budget conscious solution. We also discuss two important points for achieving active and resilient cyber defense, namely deception in depth and deception lifecycle, where several notable proposals are illustrated. Finally, some outlooks on future research directions are presented, including dynamic integration of different deception techniques, quantified deception effects and deception operation cost, hardware-supported deception techniques, as well as techniques developed based on better understanding of the human element.

show abstract