CRAICL | May 8, 2024

Honeyfile Camouflage: Hiding Fake Files in Plain Sight

arXiv:2405.04758v2 | h-index: 67 | WDC@AsiaCCS
Originality: Incremental advance
AI Analysis

This paper addresses the challenge of detecting malicious behavior in file systems for cybersecurity applications, but it is an incremental advance: it builds on existing honeyfile concepts and adds new naming metrics.

The paper tackled the problem of naming honeyfiles to camouflage them among real files in a file system, developing two metrics based on cosine distances in semantic vector spaces, and showed that both performed well on a GitHub repository dataset.

Honeyfiles are a particularly useful type of honeypot: fake files deployed to detect and infer information from malicious behaviour. This paper considers the challenge of naming honeyfiles so they are camouflaged when placed amongst real files in a file system. Based on cosine distances in semantic vector spaces, we develop two metrics for filename camouflage: one based on simple averaging and one on clustering with mixture fitting. We evaluate and compare the metrics, showing that both perform well on a publicly available GitHub software repository dataset.
