http://dx.doi.org/10.3837/tiis.2021.05.017

EDGE: An Enticing Deceptive-content GEnerator as Defensive Deception  

Li, Huanruo (National Digital Switching System Engineering and Technological Research Center)
Guo, Yunfei (National Digital Switching System Engineering and Technological Research Center)
Huo, Shumin (National Digital Switching System Engineering and Technological Research Center)
Ding, Yuehang (National Digital Switching System Engineering and Technological Research Center)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.15, no.5, 2021, pp. 1891-1908
Abstract
Cyber deception defense mitigates Advanced Persistent Threats (APTs) by deploying deceptive entities, such as the Honeyfile. The Honeyfile distracts attackers from valuable digital documents and attracts unauthorized access by deliberately exposing fake content. Its effectiveness as a distraction and a trap lies in the enticement of the fake content. However, existing studies on the Honeyfile focus less on this perspective. In this work, we seek to improve the enticement of fake text content by enhancing its readability, indistinguishability, and believability. To that end, an enticing deceptive-content generator, EDGE, is presented. EDGE is constructed in three steps: extracting key concepts with a semantics-aware K-means clustering algorithm, searching for candidate deceptive concepts within the Word2Vec model, and generating deceptive text content under the Integrated Readability Index (IR). Furthermore, readability and believability performance analyses are undertaken. The experimental results show that EDGE generates indistinguishable deceptive text content without decreasing readability. In all, EDGE proves effective at generating enticing deceptive text content as a deception defense against APTs.
Keywords
Cyber deception defense; Decoy file; Fake text; Honeyfile; Honeypot;