Decoy data, such as decoy documents, honey pots and other bogus information can be generated on demand and used for detecting unauthorized access to information and to poison the thief’s ex-filtrated information. Serving decoys will confuse an attacker into believing they have ex-filtrated useful information, when they have not. This technology may be integrated with user behavior profiling technology to secure a user’s data in the Cloud. .
Whenever abnormal and unauthorized access to a cloud service is noticed, decoy information may be returned by the Cloud and delivered in such a way that it appear completely normal and legitimate. The legitimate user, who is the owner of the information, would readily identify when decoy information is being returned by the Cloud, and hence could alter the Cloud’s responses through a variety of means, such as challenge questions, to inform the Cloud security system that it has incorrectly detected an unauthorized access. In the case where the access is correctly identified as an unauthorized access, the Cloud security system would deliver unbounded amounts of bogus information to the attacker, thus securing the user’s true data from can be implemented by given two additional security features:
1. Validating whether data access is authorized when abnormal information access is detected
2. Confusing the attacker with bogus information that is by providing decoy documents.
We have applied above concepts to detect unauthorized data access to data stored on a local file system by masqueraders, i.e. attackers who view of legitimate users after stealing their credentials. Our experimental results in a local file system setting show that combining both techniques can yield better detection results .This results suggest that this approach may work in a Cloud environment, to make cloud system more transparent to the user as a local file system.