HoneyGen: An automated honeytokens generator

Maya Bercovitch, Meir Renford, Lior Hasson, Asaf Shabtai, Lior Rokach, Yuval Elovici

Proceedings of 2011 IEEE International Conference on Intelligence and …, 2011

Honeytokens are artificial digital data items planted deliberately into a genuine system resource in order to detect unauthorized attempts to use information. The honeytokens are characterized by properties which make them appear as genuine data items. Honeytokens are also accessible to potential attackers who intend to violate an organization’s security in an attempt to mine information in a malicious manner. One of the main challenges in generating honeytokens is creating data items that appear as real and that are difficult to distinguish from real tokens. In this paper we present “HoneyGen” – a novel method for generating honeytokens automatically. HoneyGen creates honeytokens that are similar to the real data by extrapolating the characteristics and properties of real data items. The honeytoken generation process consists of three main phases: rule mining in which various types of rules that characterize …