Layer 8 Tarpits:

European Conference on Cyber Warfare and Security Pub Date : 2022-06-08 DOI:10.34190/eccws.21.1.252

T. Virtanen, Petteri Simola

{"title":"Layer 8 Tarpits:","authors":"T. Virtanen, Petteri Simola","doi":"10.34190/eccws.21.1.252","DOIUrl":null,"url":null,"abstract":"This paper presents a concept for utilising falsified documents and disinformation as a security measure by diminishing the utility of the stolen information for the attacker. Classical definition of tarpitting honeypots is to create virtual servers attractive to worms and other malware that answer their connection attempts in such a way that the machine on the other end becomes stuck. A common extension to the OSI model is to refer the user as the layer 8 on top of the application layer. By generating attractive looking but falsified documents and datasets within our secured network along with the real information, we could be able to force the malicious user on the other end similarly to be 'stuck' as they need to dig through and verify all the information they have managed to steal. This in effect slows down the opponents' decision making speed, can make their activity in the network more visible and possibly even mislead them. The concept has similarities to the Canary trap or Barium Meal type of tests, and using Honey tokens to help identify who might be the leaker or from which database the data was stolen. However, the amount of falsified data or fake entries in databases in our concept is significantly larger and the main purpose is to diminish the utility of the stolen data or otherwise leaked information. The requirement to verify the information and scan through piles of documents trying to found the real information among them can give more time to the defender to react if the attack was noticed. It will also reduce the value of the information if it is just dumped in the open, as its contents and authenticity can be more easily questioned. AI powered methods such as the GPT-3 that can generate massive amounts very realistic looking text which is hard to differentiate from human generated texts could make this type of concept more feasible to the defender to utilise. The shortcoming of this concept is the risk that legitimate end-users could also confuse the real and falsified information together if that is not prevented somehow.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"European Conference on Cyber Warfare and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.34190/eccws.21.1.252","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

This paper presents a concept for utilising falsified documents and disinformation as a security measure by diminishing the utility of the stolen information for the attacker. Classical definition of tarpitting honeypots is to create virtual servers attractive to worms and other malware that answer their connection attempts in such a way that the machine on the other end becomes stuck. A common extension to the OSI model is to refer the user as the layer 8 on top of the application layer. By generating attractive looking but falsified documents and datasets within our secured network along with the real information, we could be able to force the malicious user on the other end similarly to be 'stuck' as they need to dig through and verify all the information they have managed to steal. This in effect slows down the opponents' decision making speed, can make their activity in the network more visible and possibly even mislead them. The concept has similarities to the Canary trap or Barium Meal type of tests, and using Honey tokens to help identify who might be the leaker or from which database the data was stolen. However, the amount of falsified data or fake entries in databases in our concept is significantly larger and the main purpose is to diminish the utility of the stolen data or otherwise leaked information. The requirement to verify the information and scan through piles of documents trying to found the real information among them can give more time to the defender to react if the attack was noticed. It will also reduce the value of the information if it is just dumped in the open, as its contents and authenticity can be more easily questioned. AI powered methods such as the GPT-3 that can generate massive amounts very realistic looking text which is hard to differentiate from human generated texts could make this type of concept more feasible to the defender to utilise. The shortcoming of this concept is the risk that legitimate end-users could also confuse the real and falsified information together if that is not prevented somehow.

查看原文本刊更多论文

第八层酒石:

本文提出了一种利用伪造文件和虚假信息作为安全措施的概念，通过减少攻击者对被盗信息的效用。“蜜罐攻击”的经典定义是创建虚拟服务器，吸引蠕虫和其他恶意软件，以这样一种方式回应它们的连接尝试，使另一端的机器卡住。OSI模型的一个常见扩展是将用户称为应用层之上的第8层。通过在我们的安全网络中生成具有吸引力但伪造的文档和数据集以及真实信息，我们可以迫使另一端的恶意用户同样被“卡住”，因为他们需要挖掘并验证他们设法窃取的所有信息。这实际上减缓了对手的决策速度，可以使他们在网络中的活动更明显，甚至可能误导他们。这个概念与金丝雀陷阱或钡餐类型的测试有相似之处，并使用Honey代币来帮助识别谁可能是泄密者或从哪个数据库窃取数据。然而，在我们的概念中，数据库中伪造数据或虚假条目的数量要大得多，其主要目的是减少被盗数据或其他泄露信息的效用。需要验证信息并扫描成堆的文件，试图从中找到真正的信息，这可以给防御者更多的时间，以便在攻击被发现时做出反应。如果只是将信息公开，也会降低信息的价值，因为其内容和真实性更容易受到质疑。AI驱动的方法，如GPT-3，可以生成大量非常逼真的文本，这很难与人类生成的文本区分开来，可以使这种类型的概念对防御者来说更可行。这个概念的缺点是，如果不以某种方式加以防止，合法的最终用户也可能混淆真实信息和伪造信息。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

European Conference on Cyber Warfare and Security

自引率

0.00%

发文量