Automating the injection of believable decoys to detect snooping

Authors:
Brian M. Bowen;Vasileios P. Kemerlis;Pratap Prabhu;Angelos D. Keromytis;Salvatore J. Stolfo
Affiliations:
Columbia University, New York, USA;Columbia University, New York, USA;Columbia University, New York, USA;Columbia University, New York, USA;Columbia University, New York, USA
Venue:
Proceedings of the third ACM conference on Wireless network security
Year:
2010

Citing 4
Cited 1

Self-configuring network traffic generation

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
The Final Nail in WEP's Coffin

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Proximity breeds danger: emerging threats in metro-area wireless networks

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Practical attacks against WEP and WPA

Proceedings of the second ACM conference on Wireless network security

Detecting traffic snooping in tor using decoys

RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a novel trap-based architecture for enterprise networks that detects "silent" attackers who are eavesdropping network traffic. The primary contributions of our work are the ease of injecting, automatically, large amounts of believable bait, and the integration of various detection mechanisms in the back-end. We demonstrate our methodology in a prototype platform that uses our decoy injection API to dynamically create and dispense network traps on a subset of our campus wireless network. Finally, we present results of a user study that demonstrates the believability of our automatically generated decoy traffic.