Introduction to Cyberdeception by Neil C. Rowe & Julian Rrushi
Author: Neil C. Rowe & Julian Rrushi
Language: eng
Format: epub
Publisher: Springer International Publishing, Cham
11.8.3 Metadata of Typical File Systems
We have been studying a collection of 4265 drives containing 251.7 million files obtained from various sources around the world (Rowe 2016). The term “drive” means something intended for secondary storage, primarily magnetic disks and flash memories. Our collection (or “corpus”) includes drives purchased as used equipment in 32 countries around the world, a selection of classroom and laboratory computers at NPS, and some miscellaneous contributions. This data provides the basis for a good model of a realistic honeypot.
Table 11.3 shows the percentages of file types for five sets from our 2015 data: the full set of files, the Windows computers after elimination of common operating-system and software files, the mobile devices similarly reduced, the storage devices (like thumb drives) similarly reduced, and the drives having other operating systems (including Linux machines, Macintosh machines, digital cameras, auxiliary memory cards, and printers) similarly reduced. The reduction process eliminated common software files and involved nine different clues. There were a total of 251.7 million files for the first set, 58.8 million on 1819 drives for the Windows set, 6.5 million on 374 drives for the mobile-device set, 1.1 million on 350 drives for the storage-device set, and 0.5 million on 693 drives for the other-operating-system set. That meant the average Windows drive had 32,325 files, the average mobile device had 17,271 files, the average storage device had 3,267 files, and the average other operating system had 665 files. Note that useful honeypots can be mobile devices and storage devices too. This data gives guidelines for how to allocate files by type for a good honeypot. Surprisingly, there is not much published data of this type, though Douceur and Bolosky (1999) and Pang et al. (2004) are a start.

Table 11.3 File-type distributions for drives in our corpus
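As an added illustration (not code from the book), the sketch below turns the per-device average file counts quoted above into whole-number file counts per type for a honeypot drive, using largest-remainder rounding so the counts sum exactly to the target. The type shares are constructed placeholders, not the values of Table 11.3, and the names `AVG_FILES`, `SAMPLE_SHARES`, `allocate` and `plan` are hypothetical.

```python
import math

# Average files per drive by device class, as stated in the text above.
AVG_FILES = {"windows": 32325, "mobile": 17271, "storage": 3267, "other_os": 665}

# CONSTRUCTED placeholder shares in percent; these are NOT the Table 11.3 values.
# Substitute the column of the table that matches the device class being imitated.
SAMPLE_SHARES = {
    "graphics": 30.0, "documents": 12.5, "executables": 8.5,
    "audio_video": 6.0, "web": 9.0, "other": 34.0,
}


def allocate(total, shares):
    """Split `total` files across types in proportion to `shares`.

    Uses largest-remainder apportionment: floor every exact quota, then hand
    the leftover files to the types with the largest fractional parts, so the
    result is integral and sums to exactly `total`.
    """
    weight = sum(shares.values())
    if total < 0 or weight <= 0 or any(s < 0 for s in shares.values()):
        raise ValueError("total must be >= 0 and shares non-negative, not all zero")
    exact = {k: total * s / weight for k, s in shares.items()}
    counts = {k: math.floor(v) for k, v in exact.items()}
    leftover = total - sum(counts.values())
    by_remainder = sorted(exact, key=lambda k: exact[k] - counts[k], reverse=True)
    for k in by_remainder[:leftover]:
        counts[k] += 1
    return counts


def plan(device_class, shares, scale=1.0):
    """File counts per type for one honeypot drive of the given class.

    `scale` shrinks or grows the drive relative to the corpus average
    (an assumption of this sketch, e.g. 0.5 for a lightly used machine).
    """
    total = round(AVG_FILES[device_class] * scale)
    return allocate(total, shares)


if __name__ == "__main__":
    for kind, count in plan("storage", SAMPLE_SHARES).items():
        print(f"{kind:12s} {count:6d}")
```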
