Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/41897

Automating the Generation of Enticing Text Content for High-Interaction Honeyfiles

File SizeFormat 
paper0748.pdf1.95 MBAdobe PDFView/Open

Item Summary

Title: Automating the Generation of Enticing Text Content for High-Interaction Honeyfiles
Authors: Whitham, Ben
Keywords: canary files
cyber deception
honeyfiles
decoy files
Issue Date: 04 Jan 2017
Abstract: While advanced defenders have successfully used honeyfiles to detect unauthorized intruders and insider threats for more than 30 years, the complexity associated with adaptively devising enticing content has limited their diffusion. This paper presents four new designs for automating the construction of honeyfile content. The new designs select a document from the target directory as a template and employ word transposition and substitution based on parts of speech tagging and n-grams collected from both the target directory and the surrounding file system. These designs were compared to previous methods using a new theory to quantitatively evaluate honeyfile enticement. The new designs were able to successfully mimic the content from the target directory, whilst minimizing the introduction of material from other sources. The designs may also hold potential to match many of the characteristics of nearby documents, whilst minimizing the replication of copyrighted or classified material from documents they are protecting
Pages/Duration: 10 pages
URI/DOI: http://hdl.handle.net/10125/41897
ISBN: 978-0-9981331-0-2
DOI: 10.24251/HICSS.2017.733
Rights: Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections:Deception, Digital Forensics, and Malware Minitrack



Items in ScholarSpace are protected by copyright, with all rights reserved, unless otherwise indicated.