Abstract
With the continuous rise in the numbers and sophistication of cyber-attacks, defenders are moving towards more proactive lines of defense. Deception methods such as honeypots and moving target defense paradigms, are nowadays utilized in a multitude of ways. A honeytoken is an umbrella term that describes honeypot-like entities/resources that can be inserted into a network or system. The moment an adversary interacts with a honeytoken, an alert is raised. Similar to honeypots, the value of honeytokens lies in their indistinguishability; if an attacker can detect them, e.g. via a fingerprinting tool, they can easily evade them. In this paper, we propose and discuss honeytoken fingerprinting methods. To the best of our knowledge, this is the first paper to examine honeytoken-specific fingerprinting. Furthermore, we showcase a proof of concept that is able to successfully detect a number of honeytoken types.
Originalsprog | Engelsk |
---|---|
Titel | International Conference on Security of Information and Networks (ACM SIN) |
Redaktører | Berna Ors, Atilla Elci |
Antal sider | 5 |
Forlag | Association for Computing Machinery |
Publikationsdato | 2020 |
Sider | 1-5 |
Artikelnummer | 28 |
ISBN (Elektronisk) | 978-1-4503-8751-4 |
DOI | |
Status | Udgivet - 2020 |
Begivenhed | SIN 2020: 13th International Conference on Security of Information and Networks - Istanbul, Tyrkiet Varighed: 4 nov. 2020 → 6 nov. 2020 |
Konference
Konference | SIN 2020: 13th International Conference on Security of Information and Networks |
---|---|
Land/Område | Tyrkiet |
By | Istanbul |
Periode | 04/11/2020 → 06/11/2020 |