Target Directory

The Experts below are selected from a list of 42 Experts worldwide ranked by ideXlab platform

Ben Whitham - One of the best experts on this subject based on the ideXlab platform.

  • HICSS - Automating the Generation of Enticing Text Content for High-Interaction Honeyfiles
    Proceedings of the 50th Hawaii International Conference on System Sciences (2017), 2017
    Co-Authors: Ben Whitham
    Abstract:

    While advanced defenders have successfully used honeyfiles to detect unauthorized intruders and insider threats for more than 30 years, the complexity associated with adaptively devising enticing content has limited their diffusion. This paper presents four new designs for automating the construction of honeyfile content. The new designs select a document from the Target Directory as a template and employ word transposition and substitution based on parts of speech tagging and n-grams collected from both the Target Directory and the surrounding file system. These designs were compared to previous methods using a new theory to quantitatively evaluate honeyfile enticement. The new designs were able to successfully mimic the content from the Target Directory, whilst minimizing the introduction of material from other sources. The designs may also hold potential to match many of the characteristics of nearby documents, whilst minimizing the replication of copyrighted or classified material from documents they are protectin

  • Automating the Generation of Fake Documents to Detect Network
    2016
    Co-Authors: Ben Whitham
    Abstract:

    This paper introduces two concepts: Canary Files and a Canary File management system. A Canary File is a fake computer document that is placed amongst real documents in order to aid in the early detection of unauthorised data access, copying or modification. The Canary File acts as a hidden watermark for a file Directory containing critical documents; the Canary File and its contents can be used as signatures to detect suspicious copying, access and deleting of files in the Directory in preference to, or in conjunction with monitoring all of the file activity within the network. The name originates from canaries, which were used within coalmines as an early warning to miners. This paper also introduces the Serinus System, a Canary File management system designed to address some of the key challenges associated with creating realistic mimicry across a large and complex computer network. The Serinus System automates Canary File generation using content and file statistics drawn from three sources: (1) Internet harvested documents, (2) documents collected from across the entire enterprise environment, and (3) documents within the specific Target Directory. Each data source is allocated a weighting based on the strength of their relationship to the Target Directory. The weighting is seeded with a random value to avoid discovery by simple statistical based fake file detection systems. Research is continuing to assess the performance of both Canary Files and the Serinu

  • CANARY FILES: GENERATING FAKE FILES TO DETECT CRITICAL DATA LOSS FROM COMPLEX COMPUTER NETWORKS
    2013
    Co-Authors: Ben Whitham
    Abstract:

    This paper introduces two concepts: Canary Files and a Canary File management system. A Canary File is a fake computer document that is placed amongst real documents in order to aid in the early detection of unauthorised data access, copying or modification. The name originates from canaries, which were used within coalmines as an early warning to miners. This paper also introduces the Serinus System, a Canary File management system designed to address some of the key challenges associated with operating a cyber deception capability. The Serinus System automates Canary Files generation using content and file statistics drawn from three sources: (1) Internet harvested documents, (2) documents collected from across the entire enterprise environment, and (3) documents within the specific Target Directory. Each data source is allocated a weighting based on the strength of their relationship to the Target Directory. The weighting is seeded with a random value to avoid discovery by simple statistical based fake file detection systems. Research is continuing to assess the performance of both Canary Files and the Serinus System.

  • AUTOMATING THE GENERATION OF FAKE DOCUMENTS TO DETECT NETWORK INTRUDERS
    International Journal of Cyber-Security and Digital Forensics, 2013
    Co-Authors: Ben Whitham
    Abstract:

    This paper introduces two concepts: Canary Files and a Canary File management system. A Canary File is a fake computer document that is placed amongst real documents in order to aid in the early detection of unauthorised data access, copying or modification. The Canary File acts as a hidden watermark for a file Directory containing critical documents; the Canary File and its contents can be used as signatures to detect suspicious copying, access and deleting of files in the Directory in preference to, or in conjunction with monitoring all of the file activity within the network. The name originates from canaries, which were used within coalmines as an early warning to miners. This paper also introduces the Serinus System, a Canary File management system designed to address some of the key challenges associated with creating realistic mimicry across a large and complex computer network. The Serinus System automates Canary File generation using content and file statistics drawn from three sources: (1) Internet harvested documents, (2) documents collected from across the entire enterprise environment, and (3) documents within the specific Target Directory. Each data source is allocated a weighting based on the strength of their relationship to the Target Directory. The weighting is seeded with a random value to avoid discovery by simple statistical based fake file detection systems. Research is continuing to assess the performance of both Canary Files and the Serinus System.

Jesse D. Kornblum - One of the best experts on this subject based on the ideXlab platform.

  • Auditing Hash Sets: Lessons Learned from Jurassic Park
    Journal of Digital Forensic Practice, 2008
    Co-Authors: Jesse D. Kornblum
    Abstract:

    Auditing a set of cryptographic hashes allows a forensic examiner to determine the state of a Target Directory as compared to those hashes. Unlike traditional hash comparison methods, an audit takes into account all of the files in the Target Directory and their relative paths. Not taking these data into account can impair examinations and tool certifications. An audit examines each file in the Target Directory, computes its hash, and compares it to a file containing the known hash values. Any file not in the set of known hashes is flagged as being inserted. When all of the files in the Target Directory have been examined, any known hashes that have not been matched are flagged as being missing. The result is a complete picture comparing the set of known hashes and the Target Directory.

Wen-lian Hsu - One of the best experts on this subject based on the ideXlab platform.

  • Web Intelligence - Web Directory Integration Using Conditional Random Fields
    2006 IEEE WIC ACM International Conference on Web Intelligence (WI 2006 Main Conference Proceedings)(WI'06), 2006
    Co-Authors: Wen-lian Hsu
    Abstract:

    The purpose of integrating web directories is to transfer instances from a source to a Target Directory. Unlike conventional text categorization, in Directory integration, there is extra information about the source Directory that can be used to improve the classification accuracy. Many approaches exploit the measured similarity between two corresponding classes to enhance traditional text classifiers. These methods perform well if the topics of two classes are very similar, but they could lead to misclassification if the topics are dissimilar. We propose a Directory integration approach based on the conditional random fields (CRFs) model, and model the integration process using a finite-state model. The advantage of using CRFs is that the transition features naturally include information about the relations between classes. Our results show that CRFs outperform conventional text classifiers. In addition, CRFs allow us to apply complex features to integrate the information about the contents of class and their labels. The performance of our approach can be improved by applying these features, especially for instances whose source and Target classes are moderately similar.

Whitham Ben - One of the best experts on this subject based on the ideXlab platform.

  • Automating the Generation of Enticing Text Content for High-Interaction Honeyfiles
    AIS Electronic Library (AISeL), 2017
    Co-Authors: Whitham Ben
    Abstract:

    While advanced defenders have successfully used honeyfiles to detect unauthorized intruders and insider threats for more than 30 years, the complexity associated with adaptively devising enticing content has limited their diffusion. This paper presents four new designs for automating the construction of honeyfile content. The new designs select a document from the Target Directory as a template and employ word transposition and substitution based on parts of speech tagging and n-grams collected from both the Target Directory and the surrounding file system. These designs were compared to previous methods using a new theory to quantitatively evaluate honeyfile enticement. The new designs were able to successfully mimic the content from the Target Directory, whilst minimizing the introduction of material from other sources. The designs may also hold potential to match many of the characteristics of nearby documents, whilst minimizing the replication of copyrighted or classified material from documents they are protectin