CR · Sep 12, 2018

Reversing the asymmetry in data exfiltration

arXiv:1809.04648v1
Originality: Incremental advance
AI Analysis

This addresses data security for organizations by shifting the advantage from attackers to defenders, though it appears incremental as it builds on existing deception techniques.

The paper tackles the problem of data exfiltration by proposing a defense strategy that supplements real documents with many fake versions, making it difficult for attackers to identify or exfiltrate the real data, and demonstrates that algorithmically generated fakes are reasonably hard to detect.

Preventing data exfiltration from computer systems typically depends on perimeter defences, but these are becoming increasingly fragile. Instead we suggest an approach in which each at-risk document is supplemented by many fake versions of itself. An attacker must either exfiltrate all of them; or try to discover which is the real one while operating within the penetrated system, and both are difficult. Creating and maintaining many fakes is relatively inexpensive, so the advantage that typically accrues to an attacker now lies with the defender. We show that algorithmically generated fake documents are reasonably difficult to detect using algorithmic analytics.
