Using decoy documents to detect masquerade attacks
Abstract
The privacy, security and integrity of data are becoming ever more important in a connected world. While every effort is being made to keep cyber criminals away from sensitive information, sometimes they succeed in bypassing perimeter defenses and masquerade as legitimate users. If that happens, deception remains the last line of defense. One form of deception, decoy documents (also called honeyfiles), offers a chance to detect the presence of an attacker without large capital investments. In laboratory tests, honeyfiles demonstrated great potential. This thesis describes the results of an experiment in which a server with decoy documents was exposed to real hackers through the Internet. The data collected show that honeyfiles can be an effective complement to traditional Intrusion Detection Systems. Suggestions for further research and improvements to the method are also discussed.