This paper surveys research on fake entities as a method to detect and monitor malware. A fake entity is a digital entity (such as a file) that no one except a malicious attacker should access. When the entity is accessed, the defender immediately knows there is unwanted activity in the system and can start to monitor it. We discuss faking different entities both on a single machine and in a network, using virtual groups of fake hosts.
Sampsa Rauti, Ville Leppänen (University of Turku): A Survey on Fake Entities as a Method to Detect and Monitor Malicious Activity
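
The detect-then-monitor idea from the abstract, as an added example that is not taken from the paper: any access to a decoy file or decoy host raises an alert, and the actor that touched it is watched from then on. The event format, file paths, addresses and process names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed decoys: nothing legitimate ever touches these (names are assumptions).
DECOY_FILES = {"/srv/finance/passwords_backup.xlsx", "/home/admin/.ssh/id_rsa.bak"}
DECOY_HOSTS = {"10.0.9.21", "10.0.9.22"}   # virtual group of fake hosts

# Constructed event log, one event per line: "time actor action target"
SAMPLE_EVENTS = """\
09:00:01 host1:pid412:backupd read /srv/finance/q3_report.xlsx
09:00:07 host1:pid977:updater.exe read /srv/finance/passwords_backup.xlsx
09:00:09 host1:pid977:updater.exe read /srv/finance/q3_report.xlsx
09:00:12 host2:pid101:sshd connect 10.0.1.5
09:00:15 host1:pid977:updater.exe connect 10.0.9.21
09:00:20 host3:pid555:scan connect 10.0.9.22
09:00:21 host3:pid555:scan connect 10.0.1.5
09:00:30 host1:pid412:backupd read /srv/finance/budget.xlsx
"""

@dataclass(frozen=True)
class Event:
    time: str
    actor: str
    action: str
    target: str

def parse(log):
    return [Event(*line.split(maxsplit=3)) for line in log.splitlines() if line.strip()]

def is_decoy(ev):
    return ev.target in DECOY_FILES or ev.target in DECOY_HOSTS

def detect_and_monitor(events):
    """Return (alerts, monitored): decoy touches, and later activity of flagged actors."""
    watched, alerts, monitored = set(), [], []
    for ev in events:
        if is_decoy(ev):
            alerts.append(ev)
            watched.add(ev.actor)     # from now on, record everything this actor does
        elif ev.actor in watched:
            monitored.append(ev)
    return alerts, monitored

if __name__ == "__main__":
    alerts, monitored = detect_and_monitor(parse(SAMPLE_EVENTS))
    for ev in alerts:
        print("ALERT  ", ev)
    for ev in monitored:
        print("MONITOR", ev)
```

Activity by an actor before its first decoy access is not captured by this pass; a deployment that needs it would replay the retained log for that actor once it is flagged.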