A Survey on Fake Entities as a Method to Detect and Monitor Malicious Activity

This paper surveys research concentrating on fake entities as a method to detect and monitor malware. A fake entity is a digital entity (such as a file) no one except a malicious attacker should access. When the entity is accessed, the defender immediately knows there is unwanted activity in the system and can start to monitor it. We discuss both faking different entities on one machine and in a network using virtual groups of fake hosts.

Sampsa Rauti, Ville Leppänen (University of Turku): A Survey on Fake Entities as a Method to Detect and Monitor Malicious Activity

Presented at the 2017 25th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP), 6-8 March 2017

http://ieeexplore.ieee.org/document/7912676/

 
