用户与活动蜜牌交互时的行为研究

Q Engineering
A. Shabtai, Maya Bercovitch, L. Rokach, Y. Gal, Y. Elovici, E. Shmueli
{"title":"用户与活动蜜牌交互时的行为研究","authors":"A. Shabtai, Maya Bercovitch, L. Rokach, Y. Gal, Y. Elovici, E. Shmueli","doi":"10.1145/2854152","DOIUrl":null,"url":null,"abstract":"Active honeytokens are fake digital data objects planted among real data objects and used in an attempt to detect data misuse by insiders. In this article, we are interested in understanding how users (e.g., employees) behave when interacting with honeytokens, specifically addressing the following questions: Can users distinguish genuine data objects from honeytokens? And, how does the user's behavior and tendency to misuse data change when he or she is aware of the use of honeytokens? First, we present an automated and generic method for generating the honeytokens that are used in the subsequent behavioral studies. The results of the first study indicate that it is possible to automatically generate honeytokens that are difficult for users to distinguish from real tokens. The results of the second study unexpectedly show that users did not behave differently when informed in advance that honeytokens were planted in the database and that these honeytokens would be monitored to detect illegitimate behavior. These results can inform security system designers about the type of environmental variables that affect people's data misuse behavior and how to generate honeytokens that evade detection.","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":"50 1","pages":"9:1-9:21"},"PeriodicalIF":0.0000,"publicationDate":"2016-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":"{\"title\":\"Behavioral Study of Users When Interacting with Active Honeytokens\",\"authors\":\"A. Shabtai, Maya Bercovitch, L. Rokach, Y. Gal, Y. Elovici, E. Shmueli\",\"doi\":\"10.1145/2854152\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Active honeytokens are fake digital data objects planted among real data objects and used in an attempt to detect data misuse by insiders. In this article, we are interested in understanding how users (e.g., employees) behave when interacting with honeytokens, specifically addressing the following questions: Can users distinguish genuine data objects from honeytokens? And, how does the user's behavior and tendency to misuse data change when he or she is aware of the use of honeytokens? First, we present an automated and generic method for generating the honeytokens that are used in the subsequent behavioral studies. The results of the first study indicate that it is possible to automatically generate honeytokens that are difficult for users to distinguish from real tokens. The results of the second study unexpectedly show that users did not behave differently when informed in advance that honeytokens were planted in the database and that these honeytokens would be monitored to detect illegitimate behavior. These results can inform security system designers about the type of environmental variables that affect people's data misuse behavior and how to generate honeytokens that evade detection.\",\"PeriodicalId\":50912,\"journal\":{\"name\":\"ACM Transactions on Information and System Security\",\"volume\":\"50 1\",\"pages\":\"9:1-9:21\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-04-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"16\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Transactions on Information and System Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2854152\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q\",\"JCRName\":\"Engineering\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2854152","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}
引用次数: 16

摘要

活动蜂蜜令牌是植入真实数据对象中的假数字数据对象,用于检测内部人员滥用数据。在本文中,我们感兴趣的是理解用户(例如员工)在与蜂蜜令牌交互时的行为,具体解决以下问题:用户能否区分真正的数据对象和蜂蜜令牌?并且,当用户意识到蜂蜜令牌的使用时,他或她的行为和滥用数据的倾向是如何改变的?首先,我们提出了一种自动化和通用的方法来生成后续行为研究中使用的蜜令牌。第一项研究的结果表明,可以自动生成用户难以与真实令牌区分的蜂蜜令牌。第二项研究的结果出人意料地表明,当用户事先被告知在数据库中植入了蜂蜜令牌,并且这些蜂蜜令牌将被监控以检测非法行为时,他们的行为并没有什么不同。这些结果可以告知安全系统设计人员影响人们数据滥用行为的环境变量类型,以及如何生成逃避检测的蜂蜜令牌。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Behavioral Study of Users When Interacting with Active Honeytokens
Active honeytokens are fake digital data objects planted among real data objects and used in an attempt to detect data misuse by insiders. In this article, we are interested in understanding how users (e.g., employees) behave when interacting with honeytokens, specifically addressing the following questions: Can users distinguish genuine data objects from honeytokens? And, how does the user's behavior and tendency to misuse data change when he or she is aware of the use of honeytokens? First, we present an automated and generic method for generating the honeytokens that are used in the subsequent behavioral studies. The results of the first study indicate that it is possible to automatically generate honeytokens that are difficult for users to distinguish from real tokens. The results of the second study unexpectedly show that users did not behave differently when informed in advance that honeytokens were planted in the database and that these honeytokens would be monitored to detect illegitimate behavior. These results can inform security system designers about the type of environmental variables that affect people's data misuse behavior and how to generate honeytokens that evade detection.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
ACM Transactions on Information and System Security
ACM Transactions on Information and System Security 工程技术-计算机:信息系统
CiteScore
4.50
自引率
0.00%
发文量
0
审稿时长
3.3 months
期刊介绍: ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信