Behavioral study of users when interacting with active honeytokens

Research output: Contribution to journalArticlepeer-review

Abstract

Active honeytokens are fake digital data objects planted among real data objects and used in an attempt to detect data misuse by insiders. In this article, we are interested in understanding how users (e.g., employees) behave when interacting with honeytokens, specifically addressing the following questions: Can users distinguish genuine data objects from honeytokens? And, how does the user's behavior and tendency to misuse data change when he or she is aware of the use of honeytokens? First, we present an automated and generic method for generating the honeytokens that are used in the subsequent behavioral studies. The results of the first study indicate that it is possible to automatically generate honeytokens that are difficult for users to distinguish from real tokens. The results of the second study unexpectedly show that users did not behave differently when informed in advance that honeytokens were planted in the database and that these honeytokens would be monitored to detect illegitimate behavior. These results can inform security system designers about the type of environmental variables that affect people's data misuse behavior and how to generate honeytokens that evade detection.

Original languageAmerican English
Article number9
JournalACM Transactions on Information and System Security
Volume18
Issue number3
DOIs
StatePublished - 1 Feb 2016

Keywords

  • Data misuse
  • Honeypots
  • Honeytokens
  • Insider threat

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • General Computer Science

Fingerprint

Dive into the research topics of 'Behavioral study of users when interacting with active honeytokens'. Together they form a unique fingerprint.

Cite this