A Honeypot For Spies: Understanding Internet-Based Data Theft
Abstract
Creating ruses and planting false documents to deceive our adversaries is a tactic that has been used for a long time. Honeypots allow us to easily plant false data on information systems while we monitor what attackers access and download. This enables us to learn of a potential spys interests and intents, helping defenders decide how to concentrate their resources when protecting critical information networks. In this thesis, we used a content-based Web honeypot to monitor access to military-related documents to see what type of information Internet users were most interested in obtaining. We created a webserver within the Naval Postgraduate School address range, mimicked the Naval Postgraduate School librarys website layout, and used webpage and webserver log monitoring software to analyze activity. We characterized both human and automated (bot) activity and found that the cyber subpage was the most popular among both types of users. Additionally, human-user document downloads tended to be in order of appearance on the webpage (alphabetically), but bot-user downloads appeared to be more random.
Document Details
- Document Type
- Technical Report
- Publication Date
- Dec 01, 2018
- Accession Number
- AD1069590
Entities
People
- Blake T. Henderson
Organizations
- Naval Postgraduate School