A HONEYPOT FOR SPIES: UNDERSTANDING INTERNET-BASED DATA THEFT
Henderson, Blake T.
Rowe, Neil C.
Garza, Victor R.
MetadataShow full item record
Creating ruses and planting false documents to deceive our adversaries is a tactic that has been used for a long time. Honeypots allow us to easily plant false data on information systems while we monitor what attackers access and download. This enables us to learn of a potential spy’s interests and intents, helping defenders decide how to concentrate their resources when protecting critical information networks. In this thesis, we used a content-based Web honeypot to monitor access to military-related documents to see what type of information Internet users were most interested in obtaining. We created a webserver within the Naval Postgraduate School address range, mimicked the Naval Postgraduate School library’s website layout, and used webpage and webserver log monitoring software to analyze activity. We characterized both human and automated (bot) activity and found that the cyber subpage was the most popular among both types of users. Additionally, human-user document downloads tended to be in order of appearance on the webpage (alphabetically), but bot-user downloads appeared to be more random.
Approved for public release. distribution is unlimited