Honeysweeper: Towards stealthy Honeytoken fingerprinting techniques

Mohamed Msaad*, Shreyas Srinivasa, Mikkel Møller Andersen, David Audran, Charity U. Orji, Emmanouil Vasilomanolakis

*Corresponding author for this work

Research output: Contribution to book/anthology/report/conference proceedingArticle in proceedingResearchpeer-review

1 Citation (Scopus)
106 Downloads (Pure)

Abstract

The increased number of data breaches and sophisticated attacks have created a need for early detection mechanisms. Reports indicate that it may take up to 200 days to identify a data breach and entail average costs of up to $4.85 million. To cope with cyber-deception approaches like honeypots have been used for proactive attack detection and as a source of data for threat analysis. Honeytokens are a subset of honeypots that aim at creating deceptive layers for digital entities in the form of files and folders. Honeytokens are an important tool in the proactive identification of data breaches and intrusion detection as they raise an alert the moment a deceptive entity is accessed. In such deception-based defensive tools, it is key that the adversary does not detect the presence of deception. However, recent research shows that honeypots and honeytokens may be fingerprinted by adversaries. Honeytoken fingerprinting is the process of detecting the presence of honeytokens in a system without triggering an alert. In this work, we explore potential fingerprinting attacks against the most common open-source honeytokens. Our findings suggest that an advanced attacker can identify the majority of honeytokens without triggering an alert. Furthermore, we propose methods that help in improving the deception layer, the information received from the alerts, and the design of honeytokens.
Original languageEnglish
Title of host publicationSecure IT Systems : 27th Nordic Conference, NordSec 2022, Reykjavic, Iceland, November 30–December 2, 2022, Proceedings
EditorsHans P. Reiser, Marcel Kyas
Number of pages19
PublisherSpringer
Publication date1 Jan 2023
Pages101-119
ISBN (Print)978-3-031-22294-8
ISBN (Electronic)978-3-031-22295-5
DOIs
Publication statusPublished - 1 Jan 2023
EventThe 27th Nordic Conference on Secure IT Systems, NordSec 2022 - Reykjavik University, Reykjavik, Iceland
Duration: 30 Nov 20222 Dec 2022

Conference

ConferenceThe 27th Nordic Conference on Secure IT Systems, NordSec 2022
LocationReykjavik University
Country/TerritoryIceland
CityReykjavik
Period30/11/202202/12/2022
SeriesLecture Notes in Computer Science
VolumeLNCS 13700
ISSN0302-9743

Keywords

  • Honeypots
  • fingerprinting
  • honeytokens
  • Counter-deception
  • Fingerprinting
  • Honeytokens

Fingerprint

Dive into the research topics of 'Honeysweeper: Towards stealthy Honeytoken fingerprinting techniques'. Together they form a unique fingerprint.

Cite this