skip to main content
10.1145/2414456.2414511acmconferencesArticle/Chapter ViewAbstractPublication Pagesasia-ccsConference Proceedingsconference-collections
research-article

Software decoys for insider threat

Published: 02 May 2012 Publication History

Abstract

Decoy technology and the use of deception are useful in securing critical computing systems by confounding and confusing adversaries with fake information. Deception leverages uncertainty forcing adversaries to expend considerable effort to differentiate realistic useful information from purposely planted false information. In this paper, we propose software-based decoy system that aims to deceive insiders, to detect the exfiltration of proprietary source code. The proposed system generates believable Java source code that appear to an adversary to be entirely valuable proprietary software. Bogus software is generated iteratively using code obfuscation techniques to transform original software using various transformation methods. Beacons are also injected into bogus software to detect the exfiltration and to make an alert if the decoy software is touched, compiled or executed. Based on similarity measurement, the experimental results demonstrate that the generated bogus software is different from the original software while maintaining similar complexity to confuse an adversary as to which is real and which is not.

References

[1]
http://sneakers.cs.columbia.edu: 8080/fog/.
[2]
B. M. Bowen and et. al. Baiting inside attackers using decoy documents. In 5th International ICST conference for Security and Privacy in Communication Networks (SecureComm), 2009.
[3]
S. R. Chidamber and et.al. A metrics suite for object oriented design. IEEE Transaction on Software Engingeering, 1994.

Cited By

View all
  • (2024)GAIT: A Game-Theoretic Defense Against Intellectual Property TheftIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.329922521:4(1967-1980)Online publication date: Jul-2024
  • (2024)Work-in-Progress: Protecting Knowledge Graph-based Descriptions of Digital Twins2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW61312.2024.00085(701-705)Online publication date: 8-Jul-2024
  • (2024)A Comprehensive Survey on Cyber Deception Techniques to Improve Honeypot PerformanceComputers & Security10.1016/j.cose.2024.103792(103792)Online publication date: Mar-2024
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
ASIACCS '12: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
May 2012
119 pages
ISBN:9781450316484
DOI:10.1145/2414456
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 May 2012

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. code obfuscation
  2. decoy
  3. insider attacks

Qualifiers

  • Research-article

Conference

ASIA CCS '12
Sponsor:

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)14
  • Downloads (Last 6 weeks)1
Reflects downloads up to 20 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2024)GAIT: A Game-Theoretic Defense Against Intellectual Property TheftIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.329922521:4(1967-1980)Online publication date: Jul-2024
  • (2024)Work-in-Progress: Protecting Knowledge Graph-based Descriptions of Digital Twins2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW61312.2024.00085(701-705)Online publication date: 8-Jul-2024
  • (2024)A Comprehensive Survey on Cyber Deception Techniques to Improve Honeypot PerformanceComputers & Security10.1016/j.cose.2024.103792(103792)Online publication date: Mar-2024
  • (2024)Knocking on Admin’s Door: Protecting Critical Web Applications with DeceptionDetection of Intrusions and Malware, and Vulnerability Assessment10.1007/978-3-031-64171-8_15(283-306)Online publication date: 9-Jul-2024
  • (2023)Evaluating a Planning Product for Active Cyberdefense and Cyberdeception2023 Congress in Computer Science, Computer Engineering, & Applied Computing (CSCE)10.1109/CSCE60160.2023.00395(2451-2456)Online publication date: 24-Jul-2023
  • (2023)Secure Medical Data Against Unauthorized Access Using Decoy Technology in Distributed Edge Computing NetworksIEEE Access10.1109/ACCESS.2023.334416811(144560-144573)Online publication date: 2023
  • (2023)Decoy Processes With Optimal Performance FingerprintsIEEE Access10.1109/ACCESS.2023.327199911(43216-43237)Online publication date: 2023
  • (2023)Classical Network Security TechnologyDiscovering Cybersecurity10.1007/978-1-4842-9560-1_8(253-301)Online publication date: 11-Aug-2023
  • (2022)Towards Deceptive Defense in Software Security with Chaff BugsProceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3545948.3545981(43-55)Online publication date: 26-Oct-2022
  • (2022)Generating Fake Documents Using Probabilistic Logic GraphsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.305899419:4(2428-2441)Online publication date: 1-Jul-2022
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media