TY - JOUR
T1 - Generating Realistic Fake Equations in Order to Reduce Intellectual Property Theft
AU - Xiong, Yanhai
AU - Ramachandran, Giridhar Kaushik
AU - Ganesan, Rajesh
AU - Jajodia, Sushil
AU - Subrahmanian, V. S.
N1 - Publisher Copyright:
© 2004-2012 IEEE.
PY - 2022
Y1 - 2022
N2 - According to Symantec, the average gap from the time a company is compromised by a zero-day attack to the time the vulnerability is discovered is 312 days. This leaves an adversary with a lot of time to exfiltrate corporate IP. Recent work has suggested automatically generating multiple fake versions of a document to impose costs on the attacker who needs to correctly identify the original document from a set of mostly fake documents. But in the real world, documents contain many diverse components. In this article, we focus on technical documents that often contain equations. We present FEE (Fake Equation Engine), a framework to generate fake equations in such documents. FEE tries to preserve multiple aspects of a given equation when generating a fake. Moreover, FEE is very general and applies to diverse equational forms including polynomial equations, differential equations, transcendental equations, and more. FEE iteratively solves a complex, changing optimization problem inside it. We also present FEE-FAST a fast approximate algorithm to solve the optimization problem within FEE. Using a panel of human subjects, we show that FEE achieves a high rate in deceiving sophisticated subjects.
AB - According to Symantec, the average gap from the time a company is compromised by a zero-day attack to the time the vulnerability is discovered is 312 days. This leaves an adversary with a lot of time to exfiltrate corporate IP. Recent work has suggested automatically generating multiple fake versions of a document to impose costs on the attacker who needs to correctly identify the original document from a set of mostly fake documents. But in the real world, documents contain many diverse components. In this article, we focus on technical documents that often contain equations. We present FEE (Fake Equation Engine), a framework to generate fake equations in such documents. FEE tries to preserve multiple aspects of a given equation when generating a fake. Moreover, FEE is very general and applies to diverse equational forms including polynomial equations, differential equations, transcendental equations, and more. FEE iteratively solves a complex, changing optimization problem inside it. We also present FEE-FAST a fast approximate algorithm to solve the optimization problem within FEE. Using a panel of human subjects, we show that FEE achieves a high rate in deceiving sophisticated subjects.
KW - Cybersecurity
KW - Deception
KW - Intellectual property theft
UR - http://www.scopus.com/inward/record.url?scp=85097207913&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85097207913&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2020.3038132
DO - 10.1109/TDSC.2020.3038132
M3 - Article
AN - SCOPUS:85097207913
SN - 1545-5971
VL - 19
SP - 1434
EP - 1445
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 3
ER -