Sciweavers

WISEC
2010
ACM

Automating the injection of believable decoys to detect snooping

13 years 10 months ago
Automating the injection of believable decoys to detect snooping
We propose a novel trap-based architecture for enterprise networks that detects “silent” attackers who are eavesdropping network traffic. The primary contributions of our work are the ease of injecting, automatically, large amounts of believable bait, and the integration of various detection mechanisms in the back-end. We demonstrate our methodology in a prototype platform that uses our decoy injection API to dynamically create and dispense network traps on a subset of our campus wireless network. Finally, we present results of a user study that demonstrates the believability of our automatically generated decoy traffic. Categories and Subject Descriptors K.6.5 [Management of Computing and Information Systems]: Security and Protection—invasive software, unauthorized access; K.6.m [Management of Computing and Information Systems]: Miscellaneous—security General Terms Design, Measurement, Security Keywords Decoys, Honeyflow, Honeytoken, Traffic generation, Trapbased defense, De...
Brian M. Bowen, Vasileios P. Kemerlis, Pratap V. P
Added 14 May 2010
Updated 14 May 2010
Type Conference
Year 2010
Where WISEC
Authors Brian M. Bowen, Vasileios P. Kemerlis, Pratap V. Prabhu, Angelos D. Keromytis, Salvatore J. Stolfo
Comments (0)