HoneynetTrap: Analysis of insider threat detection using agent oriented PN² simulator

摘要

Insider threat is one of the major concerns for an organization that breaches the confidentiality and integrity of enterprise data. Different approaches have been proposed to mitigate this problem but most of them are time consuming and ineffective. In this paper, we have proposed the use of honeytokens to curb this problem. Honeytokens are the fake data items that are created manually or generated in the real database that value lays in using those tokens by an attacker. A honeypot is used at the filtering bridge that comprises of two modules mainly, Honeytoken generation module and insider threat detection module. Malicious outbound requests are transferred to EDoS server and legitimate one is forwarded to the outside destination. We have used Petri-net based agent oriented simulator PN2Sim to simulate the proposed framework. The proposed approach has been verified with reachability property using SPIN tool.