Implementing PII honeytokens to mitigate against the threat of malicous insiders

Abstract

In the past several years, extensive research has been performed in various honeypot technologies, including honeynets, honeywalls, and honeytokens, primarily to gather information about external threats. Little to no research has been performed on how honeytokens, pieces of digital information designed to attract and trace illicit uses of data, can be implemented to catch one of the most dangerous threats, the trusted insider. The goal of this work is to detect, identify, and confirm insider threats, specifically threats that are after personally identifiable information (PII) data.