@inproceedings{56bd5d0c01234f5b818c7267893dcf69,
title = "Honeysweeper: Towards stealthy Honeytoken fingerprinting techniques",
abstract = "The increased number of data breaches and sophisticated attacks have created a need for early detection mechanisms. Reports indicate that it may take up to 200 days to identify a data breach and entail average costs of up to $4.85 million. To cope with cyber-deception approaches like honeypots have been used for proactive attack detection and as a source of data for threat analysis. Honeytokens are a subset of honeypots that aim at creating deceptive layers for digital entities in the form of files and folders. Honeytokens are an important tool in the proactive identification of data breaches and intrusion detection as they raise an alert the moment a deceptive entity is accessed. In such deception-based defensive tools, it is key that the adversary does not detect the presence of deception. However, recent research shows that honeypots and honeytokens may be fingerprinted by adversaries. Honeytoken fingerprinting is the process of detecting the presence of honeytokens in a system without triggering an alert. In this work, we explore potential fingerprinting attacks against the most common open-source honeytokens. Our findings suggest that an advanced attacker can identify the majority of honeytokens without triggering an alert. Furthermore, we propose methods that help in improving the deception layer, the information received from the alerts, and the design of honeytokens.",
keywords = "Honeypots, fingerprinting, honeytokens, Counter-deception, Fingerprinting, Honeytokens",
author = "Mohamed Msaad and Shreyas Srinivasa and {M{\o}ller Andersen}, Mikkel and David Audran and Orji, {Charity U.} and Emmanouil Vasilomanolakis",
year = "2023",
month = jan,
day = "1",
doi = "10.1007/978-3-031-22295-5_6",
language = "English",
isbn = "978-3-031-22294-8",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "101--119",
editor = "Reiser, {Hans P.} and Marcel Kyas",
booktitle = "Secure IT Systems",
address = "Germany",
note = "The 27th Nordic Conference on Secure IT Systems, NordSec 2022, NordSec 2022 ; Conference date: 30-11-2022 Through 02-12-2022",
}