Software decoys for insider threat

Decoy technology and the use of deception are useful in securing critical computing systems by confounding and confusing adversaries with fake information. Deception leverages uncertainty, forcing adversaries to expend considerable effort to differentiate realistic, useful information from purposely planted false information. In this paper, we propose a software-based decoy system that aims to deceive insiders in order to detect the exfiltration of proprietary source code. The proposed system generates believable Java source code that appears to an adversary to be entirely valuable proprietary software. Bogus software is generated iteratively by applying code obfuscation techniques that transform the original software with various transformation methods. Beacons are also injected into the bogus software to detect exfiltration and to raise an alert if the decoy software is touched, compiled or executed. Based on similarity measurement, the experimental results demonstrate that the generated bogus software differs from the original software while maintaining similar complexity, confusing an adversary as to which is real and which is not.
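As an added illustration, not code from the paper, the following Python sketch walks through the pipeline the abstract describes: one obfuscation-style transformation (identifier renaming) and a beacon hook are applied to a constructed Java snippet, and a fingerprint similarity plus a cyclomatic-style complexity proxy then compare the decoy with the original. The winnowing-style similarity measure, the `Beacon` class, the Java sample and the renaming map are all assumptions.

```python
import hashlib
import re
# Constructed stand-in for a small piece of "proprietary" Java source (not from the paper).
ORIGINAL_JAVA = """\
public class Ledger {
    private int balance;
    public void apply(int amount) {
        if (amount < 0) { balance -= -amount; } else { balance += amount; }
        for (int i = 0; i < 3; i++) { balance += i; }
    }
}
"""

def rename_identifiers(src, mapping):
    """One obfuscation-style transformation: consistently rename identifiers."""
    pattern = re.compile(r"\b(" + "|".join(map(re.escape, mapping)) + r")\b")
    return pattern.sub(lambda m: mapping[m.group(1)], src)

def inject_beacon(src, decoy_id):
    """Insert a static initializer that calls a hypothetical Beacon class, so the
    decoy reports as soon as it is compiled and loaded by a JVM."""
    beacon = f'    static {{ Beacon.report("{decoy_id}"); }}  // hypothetical hook\n'
    head, sep, tail = src.partition("{\n")  # first "{" closes the class header line
    return head + sep + beacon + tail

def fingerprints(text, k=5, w=4):
    """Winnowing fingerprints (assumed similarity measure): hash every k-gram of the
    whitespace-stripped source, keep the minimum hash of each window of w hashes."""
    norm = re.sub(r"\s+", "", text)
    hashes = [int(hashlib.sha1(norm[i:i + k].encode()).hexdigest(), 16)
              for i in range(len(norm) - k + 1)]
    return {min(hashes[i:i + w]) for i in range(len(hashes) - w + 1)}

def similarity(a, b):
    """Jaccard overlap of fingerprint sets: 1.0 means identical, 0.0 nothing shared."""
    fa, fb = fingerprints(a), fingerprints(b)
    return len(fa & fb) / len(fa | fb)

def complexity(src):
    """Cyclomatic-style proxy: 1 + number of decision points in the source."""
    return 1 + len(re.findall(r"\b(?:if|for|while|case|catch)\b|&&|\|\|", src))

def evaluate(original, decoy):
    """The two properties the paper checks: low similarity, comparable complexity."""
    return {"similarity": similarity(original, decoy),
            "original_complexity": complexity(original), "decoy_complexity": complexity(decoy)}

RENAMES = {"Ledger": "Vault", "balance": "total", "apply": "post", "amount": "delta"}
DECOY_JAVA = inject_beacon(rename_identifiers(ORIGINAL_JAVA, RENAMES), "DECOY-0001")
```

Renaming alone leaves keyword-heavy regions shared, so a real generator would layer further transformations until `similarity` drops below its threshold while `complexity` stays close.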
