Affiliation:
1. Ben-Gurion University of the Negev, Beer Sheva, Israel
2. Tel-Aviv University, Tel Aviv, Israel
Abstract
Active honeytokens are fake digital data objects planted among real data objects and used in an attempt to detect data misuse by insiders. In this article, we are interested in understanding how users (e.g., employees) behave when interacting with honeytokens, specifically addressing the following questions: Can users distinguish genuine data objects from honeytokens? And, how does the user's behavior and tendency to misuse data change when he or she is aware of the use of honeytokens? First, we present an automated and generic method for generating the honeytokens that are used in the subsequent behavioral studies. The results of the first study indicate that it is possible to automatically generate honeytokens that are difficult for users to distinguish from real tokens. The results of the second study unexpectedly show that users did not behave differently when informed in advance that honeytokens were planted in the database and that these honeytokens would be monitored to detect illegitimate behavior. These results can inform security system designers about the type of environmental variables that affect people's data misuse behavior and how to generate honeytokens that evade detection.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality, General Computer Science
Cited by
16 articles.