What is it about?
When we want to detect hackers, we typically invest a lot in detecting malicious behavior, which is costly. Instead, imagine setting little traps for hackers so that they have to be very careful not to trip over them. We've studied which traps work well and which don't, without the need for real hackers, who are hard to find.
Featured Image
Photo by Michael Dziedzic on Unsplash
Why is it important?
We proposed a method to measure the attractiveness of traps, specifically honeytokens, and found that placing them reduced the risk of hackers finding a real vulnerability by about 22% on average.
Perspectives
Everyone in computer security knows that cyber deception is a cool defensive strategy, but it's hard to quantify its effectiveness. I am proud that Honeyquest was able to do this without an expensive experimental setup, while still being able to replicate existing results and provide new insights.
Mario Kahlhofer
Read the Original
This page is a summary of: Honeyquest: Rapidly Measuring the Enticingness of Cyber Deception Techniques with Code-based Questionnaires, September 2024, ACM (Association for Computing Machinery),
DOI: 10.1145/3678890.3678897.
You can read the full text:
Resources
Contributors
The following have contributed to this page
