Honeyfiles: Deceptive Files for Intrusion Detection

Yuill, Jim; Zappe, Mike; Denning, Dorothy; Feer, Fred

Honeyfiles: Deceptive Files for Intrusion Detection

Active / Technical Report | Accession Number: ADA484922 |

Open PDF

Abstract:

This paper introduces an intrusion-detection device named honeyfiles. Honeyfiles are bait files intended for hackers to access. The files reside on a file server, and the server sends an alarm when a honeyfile is accessed. For example, a honeyfile named passwords.txt would be enticing to most hackers. The file servers end-users create honeyfiles, and the end-users receive the honeyfiles alarms. Honeyfiles can increase a networks internal security without adversely affecting normal operations. The honeyfile system was tested by deploying it on a honeynet, where hackers use of honeyfiles was observed. The use of honeynets to test a computer security device is also discussed. This form of testing is a useful way of finding the faulty and overlooked assumptions made by the devices developers.

Author(s):

Yuill, Jim ; Zappe, Mike ; Denning, Dorothy ; Feer, Fred

Author Organization(s):

NORTH CAROLINA STATE UNIV AT RALEIGH DEPT OF COMPUTER SCIENCE

Descriptive Note:

Conference paper

Supplementary Note:

Presented at the IEEE Workshop on Information Assurance held in West Point, NY in June 2004. Published in the Proceedings of the IEEE Workshop on Information Assurance, 2004.

Pagination:

0008

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Monitor Series:

OSD/NA

Subject Terms

Joint Capability Areas:

JCA_6_Net Centric; JCA_6.4.2_Protect Data and Networks; JCA_6.4.1_Secure Information Exchange; JCA_6.4_Information Assurance; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_7_Protection; JCA_5_Command and Control; JCA_2_Battlespace Awareness; JCA_6.1_Information Transport; JCA_5.3_Planning; JCA_2.4.2_Evaluation; JCA_1.2_Force Preparation; JCA_1_Force Support; JCA_2.2_Collection; JCA_2.4.3_Interpretation; JCA_6.2.1_Information Sharing; JCA_6.2.2_Computing Services

Modernization Areas:

Cyber

Communities of Interest:

No COI(s) Identified

Descriptor(s):

*DECEPTION, *INTRUSION DETECTION(COMPUTERS), *COMPUTER FILES, DATA TRANSMISSION SECURITY, WARNING SYSTEMS, ATTACK, SYMPOSIA

Field(s)/Group(s):

Computer Systems Management and Standards

Keyword(s):

*HONEYFILES, COMPUTER SECURITY, FILE SERVERS, NETWORK INTERNAL SECURITY

Report Date:

2004 Jun 01

Creation Date:

2008 Aug 27