Skip to content

RoelTim/tsm-honeyfile-nlp-enticement

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits
data
data
 
 
media
media
 
 
notebook
notebook
 
 
plots
plots
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

TSM: Measuring the Enticement of Honeyfiles with Natural Language Processing

This is the official Python code for the paper "TSM: Measuring the Enticement of Honeyfiles with Natural Language Processing", by Roelien C. Timmer, David Liebowitz, Surya Nepal and Salil S. Kanhere, accepted at Hawaii International Conference on System Sciences (HICSS) 2022.

Abstract: Honeyfile deployment is a useful breach detection method in cyber deception that can also inform defenders about the intent and interests of intruders and malicious insiders. A key property of a honeyfile, enticement, is the extent to which the file can attract an intruder to interact with it. We introduce a novel metric, Topic Semantic Matching (TSM), which uses topic modelling to represent files in the repository and semantic matching in an embedding vector space to compare honeyfile text and topic words robustly. We also present a honeyfile corpus created with different Natural Language Processing (NLP) methods. Experiments show that TSM is effective in inter-corpus comparisons and is a promising tool to measure the enticement of honeyfiles. TSM is the first measure to use NLP techniques to quantify the enticement of honeyfile content that compares the essential topical content of local contexts to honeyfiles and is robust to paraphrasing.

TSM enticement score visualisation:

Code requirements

We used Python 3.5.6 and the required packages are listed in requirements.txt

Run the following script subsequently:

python src/preprocess_files.py
python src/get_topics.py
python src/tsm.py

To generate the plots of the paper, run the notebook notebook/visualisations_tsm_paper.ipynb

Data

The data consists of two parts:

  • local context files which we web scraped
  • honeyfiles which we generated with either GPT-2

The breakdown of the honeyfile data set:

Customs Theater Computer Plants Total
GPT-2 103 25 25 25 178
Lorem Ipsum N/A N/A N/A N/A 160
POS-tagging 100 20 20 20 160
DPT 100 20 20 20 160
Total 303 65 65 65

The breakdown of the corresponding local context data set:

Category Local Context Number
Australian Customs Notices 1460
Papers about ‘Theater’ 100
Papers about ‘Computer Architecture’ 100
Papers about ‘Plants’ 140
Total 1800

Citation

If you find our code useful, please cite our paper:

@inProceedings{timmer2022tsm,
  title={TSM: Measuring the Enticement of Honeyfiles with Natural Language Processing},
  author={Timmer, Roelien and Liebowitz, David and Nepal, Surya and Kanhere, Salil},
  booktitle={Proceedings of the 55th Hawaii International Conference on System Sciences (HICSS)},
  year={2022}
}

About

Honeyfile dataset & TSM enticement algorithm

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages