A Honeypot For Spies: Understanding Internet-Based Data Theft
Abstract:
Creating ruses and planting false documents to deceive our adversaries is a tactic that has been used for a long time. Honeypots allow us to easily plant false data on information systems while we monitor what attackers access and download. This enables us to learn of a potential spy's interests and intents, helping defenders decide how to concentrate their resources when protecting critical information networks. In this thesis, we used a content-based Web honeypot to monitor access to military-related documents to see what type of information Internet users were most interested in obtaining. We created a webserver within the Naval Postgraduate School address range, mimicked the Naval Postgraduate School library's website layout, and used webpage and webserver log monitoring software to analyze activity. We characterized both human and automated bot activity and found that the cyber subpage was the most popular among both types of users. Additionally, human-user document downloads tended to follow the documents' alphabetical order of appearance on the webpage, but bot-user downloads appeared to be more random.