Automated Honey Document Generation Using Genetic Algorithm

被引：2

作者：

Feng, Yun ^{[1
,2
]}

Liu, Baoxu ^{[1
,2
]}

Zhang, Yue ^{[1
,2
]}

Zhang, Jinli ^{[1
,2
]}

Liu, Chaoge ^{[1
,2
]}

Liu, Qixu ^{[1
,2
]}

机构：

[1] Chinese Acad Sci, Inst Informat Engn, Beijing, Peoples R China

[2] Univ Chinese Acad Sci, Sch Cyber Secur, Beijing, Peoples R China

来源：

WIRELESS ALGORITHMS, SYSTEMS, AND APPLICATIONS, WASA 2021, PT III | 2021年 / 12939卷

关键词：

Honey document; Genetic algorithm; Exfiltration attack; Cyber deception;

D O I：

10.1007/978-3-030-86137-7_3

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Sensitive data exfiltration attack is one of predominant threats to cybersecurity. The honey document is a type of cyber deception technology to address this issue. Most existing works focus on the honey document deployment or bait design, ignoring the importance of the document contents. Believable and enticing honey contents are the foundation for achieving attacker deception, attack discovery, and sensitive data protection. This paper presents a method for automating the generation of honey document contents by measuring believability and enticement. We use real documents as materials, replace sensitive information with insensitive parts of other documents to generate honey contents. A genetic algorithm (GA) is deployed to achieve automatic multiobjective optimization of the generation process. Our method allows generating a set of diverse honey documents from one origin. The attackers have to wade through plenty of documents with the same topics and similar contents in detail to distinguish them, thus hindering the exfiltration attack. We conducted numerical and manual experiments with both Chinese and English documents, where the results validate the effectiveness.

引用

页码：20 / 28

页数：9

共 11 条

[1] Ben Salem M, 2011, LECT NOTES COMPUT SC, V6739, P35, DOI 10.1007/978-3-642-22424-9_3
[2] Bowen BM, 2009, L N INST COMP SCI SO, V19, P51
[3] A Fake Online Repository Generation Engine for Cyber Deception
Chakraborty, Tanmoy
Jajodia, Sushil
Katz, Jonathan
Picariello, Antonio
Sperli, Giancarlo
Subrahmanian, V. S.
[J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2021, 18 (02) : 518 - 533
[4] Holland J.H., 1992, Adaptation in Natural and Artificial Systems: An Introductory Analysis with Applications to Biology, Control, and Artificial Intelligence, P1
[5] Fake Document Generation for Cyber Deception by Manipulating Text Comprehensibility
Karuna, Prakruthi
Purohit, Hemant
Jajodia, Sushil
Ganesan, Rajesh
Uzuner, Ozlem
[J]. IEEE SYSTEMS JOURNAL, 2021, 15 (01): : 835 - 845
[6] Generating Hard to Comprehend Fake Documents for Defensive Cyber Deception
Karuna, Prakruthi
Purohit, Hemant
Ganesan, Rajesh
Jajodia, Sushil
[J]. IEEE INTELLIGENT SYSTEMS, 2018, 33 (05) : 16 - 25
[7] Voris J., 2012, 2012 IEEE CS Security and Privacy Workshops (SPW 2012), P129, DOI 10.1109/SPW.2012.20
[8] Generation and Distribution of Decoy Document System
Wang, Lei
Li, Chenglong
Tan, QingFeng
Wang, XueBin
[J]. TRUSTWORTHY COMPUTING AND SERVICES, 2014, 426 : 123 - 129
[9] Whitham Ben, 2013, International Journal of Cyber-Security and Digital Forensics, V2, P103
[10] Whitham B, 2017, PROCEEDINGS OF THE 50TH ANNUAL HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES, P6069

← 1 2 →