Title :
Honeyfiles: deceptive files for intrusion detection
Author :
Yuill, Jim ; Zappe, Mike ; Denning, Dorothy ; Feer, Fred
Author_Institution :
Dept. of Comput. Sci., North Carolina State Univ., Raleigh, NC, USA
Abstract :
This paper introduces an intrusion-detection device named honeyfiles. Honeyfiles are bait files intended for hackers to access. The files reside on a file server, and the server sends an alarm when a honey file is accessed. For example, a honeyfile named "passwords.txt" would be enticing to most hackers. The file server\´s end-users create honeyfiles, and the end-users receive the honeyfile\´s alarms. Honeyfiles can increase a network\´s internal security without adversely affecting normal operations. The honeyfile system was tested by deploying it on a honeynet, where hackers\´ use of honeyfiles was observed. The use of honeynets to test a computer security device is also discussed. This form of testing is a useful way of finding the faulty and overlooked assumptions made by the device\´s developers.
Keywords :
file servers; security of data; computer security; deceptive files; file server; honeyfiles; intrusion detection; Computer hacking; Computer security; File servers; Intrusion detection; Network servers; Prototypes; Read only memory; Standards organizations; System testing; Workstations;
Conference_Titel :
Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC
Print_ISBN :
0-7803-8572-1
DOI :
10.1109/IAW.2004.1437806
