Abstract
With the continuous rise in the numbers and sophistication of cyber-attacks, defenders are moving towards more proactive lines of defense. Deception methods such as honeypots and moving target defense paradigms, are nowadays utilized in a multitude of ways. A honeytoken is an umbrella term that describes honeypot-like entities/resources that can be inserted into a network or system. The moment an adversary interacts with a honeytoken, an alert is raised. Similar to honeypots, the value of honeytokens lies in their indistinguishability; if an attacker can detect them, e.g. via a fingerprinting tool, they can easily evade them. In this paper, we propose and discuss honeytoken fingerprinting methods. To the best of our knowledge, this is the first paper to examine honeytoken-specific fingerprinting. Furthermore, we showcase a proof of concept that is able to successfully detect a number of honeytoken types.
| Original language | English |
|---|---|
| Title of host publication | International Conference on Security of Information and Networks (ACM SIN) |
| Editors | Berna Ors, Atilla Elci |
| Number of pages | 5 |
| Publisher | Association for Computing Machinery |
| Publication date | 2020 |
| Pages | 1-5 |
| Article number | 28 |
| ISBN (Electronic) | 978-1-4503-8751-4 |
| DOIs | |
| Publication status | Published - 2020 |
| Event | SIN 2020: 13th International Conference on Security of Information and Networks - Istanbul, Turkey Duration: 4 Nov 2020 → 6 Nov 2020 |
Conference
| Conference | SIN 2020: 13th International Conference on Security of Information and Networks |
|---|---|
| Country/Territory | Turkey |
| City | Istanbul |
| Period | 04/11/2020 → 06/11/2020 |
Keywords
- honeypots
- honeytoken
- fingerprinting
- attacks
- cybersecurity
- deception
- honeytokens