Automating the Generation of Fake Documents to Detect Network Intruders
نویسنده
چکیده
This paper introduces two concepts: Canary Files and a Canary File management system. A Canary File is a fake computer document that is placed amongst real documents in order to aid in the early detection of unauthorised data access, copying or modification. The Canary File acts as a hidden watermark for a file directory containing critical documents; the Canary File and its contents can be used as signatures to detect suspicious copying, access and deleting of files in the directory in preference to, or in conjunction with monitoring all of the file activity within the network. The name originates from canaries, which were used within coalmines as an early warning to miners. This paper also introduces the Serinus System, a Canary File management system designed to address some of the key challenges associated with creating realistic mimicry across a large and complex computer network. The Serinus System automates Canary File generation using content and file statistics drawn from three sources: (1) Internet harvested documents, (2) documents collected from across the entire enterprise environment, and (3) documents within the specific target directory. Each data source is allocated a weighting based on the strength of their relationship to the target directory. The weighting is seeded with a random value to avoid discovery by simple statistical based fake file detection systems. Research is continuing to assess the performance of both Canary Files and the Serinus
منابع مشابه
Avoiding Cyber-attacks to DMZ and Capturing Forensics from Intruders Using Honeypots
Nowadays, honeypots are widely used to divert attackers from the original target and keep them busy within a decoy environment. DeMilitarized Zone (DMZ) is an important zone for network administrators, because many of the services to the public network is provided at this zone. Many of the security tools such as firewalls, intrusion detection systems and several other secu...
متن کاملAvoiding Cyber-attacks to DMZ and Capturing Forensics from Intruders Using Honeypots
Nowadays, honeypots are widely used to divert attackers from the original target and keep them busy within a decoy environment. DeMilitarized Zone (DMZ) is an important zone for network administrators, because many of the services to the public network is provided at this zone. Many of the security tools such as firewalls, intrusion detection systems and several other secu...
متن کاملAutomating the Generation of Enticing Text Content for High-Interaction Honeyfiles
While advanced defenders have successfully used honeyfiles to detect unauthorized intruders and insider threats for more than 30 years, the complexity associated with adaptively devising enticing content has limited their diffusion. This paper presents four new designs for automating the construction of honeyfile content. The new designs select a document from the target directory as a template...
متن کاملDetection of Fake Accounts in Social Networks Based on One Class Classification
Detection of fake accounts on social networks is a challenging process. The previous methods in identification of fake accounts have not considered the strength of the users’ communications, hence reducing their efficiency. In this work, we are going to present a detection method based on the users’ similarities considering the network communications of the users. In the first step, similarity ...
متن کاملAnomaly Detection Using SVM as Classifier and Decision Tree for Optimizing Feature Vectors
Abstract- With the advancement and development of computer network technologies, the way for intruders has become smoother; therefore, to detect threats and attacks, the importance of intrusion detection systems (IDS) as one of the key elements of security is increasing. One of the challenges of intrusion detection systems is managing of the large amount of network traffic features. Removing un...
متن کامل