Creation and Management of Social Network Honeypots for Detecting Targeted Cyber Attacks

Cited by: 34
Authors
Paradise A. [1]
Shabtai A. [1]
Puzis R. [1]
Elyashar A. [1]
Elovici Y. [1]
Roshandel M. [2]
Peylo C. [3]
Affiliations
[1] Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev, Beer-Sheva
[2] Deutsche Telekom AG (T-Systems and Telekom Innovation Laboratories), Berlin
[3] Bosch Center for Artificial Intelligence, Renningen
Keywords
Advanced persistent threats (APTs); social network security; socialbots
DOI
10.1109/TCSS.2017.2719705
Abstract
Reconnaissance is the initial and essential phase of a successful advanced persistent threat (APT). In many cases, attackers collect information from social media, such as professional social networks. This information is used to select members that can be exploited to penetrate the organization. Detecting such reconnaissance activity is extremely hard because it is performed outside the organization premises. In this paper, we propose a framework for management of social network honeypots to aid in detection of APTs at the reconnaissance phase. We discuss the challenges that such a framework faces, describe its main components, and present a case study based on the results of a field trial conducted with the cooperation of a large European organization. In the case study, we analyze the deployment process of the social network honeypots and their maintenance in real social networks. The honeypot profiles were successfully assimilated into the organizational social network and received suspicious friend requests and mail messages that revealed basic indications of a potential forthcoming attack. In addition, we explore the behavior of employees in professional social networks, and their resilience and vulnerability toward social network infiltration. © 2014 IEEE.
Pages: 65 / 79
Page count: 14