So fake, it’s almost real
May 8, 2017 / by Michele McDonald
Sushil Jajodia, director of the Center of Secure Information Systems, and his team continue to find new ways to confound computer network attackers. The Office of Naval Research awarded Jajodia a $1.24 million three-year grant to create believable fake documents to fool hackers into wasting their time.
It’s all part of Jajodia’s overall approach to make hackers pay. After all, building a good defense to withstand multiple fronts of attack means investing a hefty amount in resources. Meanwhile hackers only need to find one entry point to steal valuable information. It’s simply not fair they should have it so easy.
This is a joint project with professors Rajesh Ganesan and Hemant Purohit who are both members of CSIS as well as Systems Engineering and Operations Research (SEOR) and Information Sciences and Technology (IST) departments respectively. Graduate student Prakruthi Karuna also is working on the project.
Jajodia and his team attaches mathematical equations to specific phrases in a documents. He’s looking at what is the significant concept in a document along with the relationship and flow of concepts. An algorithm alters phrases in document just enough so that it looks believable but yields false information.
For example, Jajodia’s team manipulated the text to some online articles for students to read and then be tested on the contents. The text passed muster with students taking the test. That is until they had to transfer what they learned from the “fake” text and answer the test questions; fail.
And that’s what Jajodia hopes attackers will experience when they break into networks to steal information—a lot of time spent for worthless information.