Honeyfiles: Deceptive Files for Intrusion Detection

Abstract

This paper introduces an intrusion-detection device named honeyfiles. Honeyfiles are bait files intended for hackers to access. The files reside on a file server, and the server sends an alarm when a honeyfile is accessed. For example, a honeyfile named "passwords.txt" would be enticing to most hackers. The file server's end-users create honeyfiles, and the end-users receive the honeyfile's alarms. Honeyfiles can increase a network's internal security without adversely affecting normal operations. The honeyfile system was tested by deploying it on a honeynet, where hackers' use of honeyfiles was observed. The use of honeynets to test a computer security device is also discussed. This form of testing is a useful way of finding the faulty and overlooked assumptions made by the device's developers.

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2004
Accession Number
ADA484922

Entities

People

  • Dorothy Denning
  • Fred Feer
  • Jim Yuill
  • Mike Zappe

Organizations

  • North Carolina State University

Tags

DTIC Thesaurus Topics

  • Computer Science
  • Computers
  • Cybersecurity
  • Detection
  • Electronic Mail
  • False Alarms
  • Information Assurance
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Operating Systems
  • Security
  • Security Personnel
  • Servers (Computer Hardware)
  • United States Military Academy
  • Warning Systems

Fields of Study

  • Computer science

Readers

  • Database Systems and Applications
  • Irregular Warfare and Special Operations Cyberspace Operations against Adversarial Threats
  • Logistics and Supply Chain Management

Technology Areas

  • Cyber