
    Honeypot-based Security Enhancements for Information Systems

    The purpose of this thesis is to explore honeypot-based security enhancements for information systems. First, we provide a comprehensive survey of the research that has been carried out on honeypots and honeynets for the Internet of Things (IoT), the Industrial Internet of Things (IIoT), and Cyber-physical Systems (CPS). We provide a taxonomy and extensive analysis of the existing honeypots and honeynets, state the key design factors for state-of-the-art honeypot/honeynet research, and outline open issues. Second, we propose S-Pot, a smart honeypot framework built from open-source components. S-Pot uses enterprise and IoT honeypots to attract attackers, learns from the observed attacks via ML classifiers, and dynamically configures SDN rules in response. Our performance evaluation of S-Pot with various ML classifiers shows that it can detect attacks with 97% accuracy using the J48 algorithm. Third, to secure host-based Docker containers against cryptojacking, we use honeypots to perform a forensic analysis that identifies indicators of unauthorized cryptomining, present measures for securing the containers, and propose an approach for monitoring host-based Docker containers to detect cryptojacking. Our results reveal that host temperature, combined with container resource usage, Stratum protocol traffic, keywords in DNS requests, and the use of the container's ephemeral ports, are notable indicators of possible unauthorized cryptomining.
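    The abstract names five indicator classes for cryptojacking in Docker containers but not how they combine. The following is an added example, not code from the thesis or from S-Pot: a heuristic that evaluates each class independently over a constructed observation window and only raises a finding when several fire together. The thresholds, the DNS keyword list, the pool-port list and the Stratum method names are assumptions for the example.

```python
"""
Heuristic detector for unauthorised cryptomining inside Docker containers,
scoring the indicator classes named in the abstract above: host temperature,
container resource usage, Stratum traffic, mining keywords in DNS requests
and outbound connections from the container's ephemeral ports.
The thresholds, keyword list and pool-port list are assumptions for this
example, not values taken from the thesis.
"""
import json
from dataclasses import dataclass, field

# Assumed thresholds; tune against a baseline of your own hosts.
HOST_TEMP_C = 75.0       # sustained package temperature in degrees Celsius
CPU_PCT = 85.0           # sustained container CPU percent
DNS_KEYWORDS = ("pool", "xmr", "monero", "stratum", "mine", "hashvault", "nanopool")
POOL_PORTS = {3333, 4444, 5555, 7777, 14444, 14433}   # assumed common pool ports
EPHEMERAL_LOW = 32768    # Linux default lower bound of ip_local_port_range
# Stratum (JSON-RPC) methods used by Bitcoin-style and XMRig-style miners.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit",
                   "login", "submit", "keepalived"}


@dataclass
class ContainerSample:
    """One observation window for a container (constructed input for the demo)."""
    container_id: str
    cpu_pct: float
    host_temp_c: float
    dns_queries: list[str] = field(default_factory=list)
    # Outbound TCP connections: (source port, destination port, first payload line).
    connections: list[tuple[int, int, str]] = field(default_factory=list)


def is_stratum_payload(payload: str) -> bool:
    """True if the first line of a connection is a Stratum JSON-RPC request."""
    try:
        msg = json.loads(payload)
    except (TypeError, ValueError):
        return False
    return isinstance(msg, dict) and msg.get("method") in STRATUM_METHODS


def suspicious_dns(name: str) -> bool:
    """True if a queried name contains a mining-pool keyword."""
    lowered = name.lower()
    return any(kw in lowered for kw in DNS_KEYWORDS)


def indicators(sample: ContainerSample) -> dict[str, bool]:
    """Evaluate each indicator class independently so analysts can see which fired."""
    return {
        "host_temperature": sample.host_temp_c >= HOST_TEMP_C,
        "cpu_usage": sample.cpu_pct >= CPU_PCT,
        "stratum_traffic": any(is_stratum_payload(p) for _, _, p in sample.connections),
        "dns_keywords": any(suspicious_dns(q) for q in sample.dns_queries),
        "ephemeral_to_pool_port": any(
            src >= EPHEMERAL_LOW and dst in POOL_PORTS for src, dst, _ in sample.connections
        ),
    }


def score(sample: ContainerSample) -> int:
    """Number of indicator classes that fired (0..5)."""
    return sum(indicators(sample).values())


def verdict(sample: ContainerSample, threshold: int = 3) -> str:
    """Require several independent indicators; temperature or CPU alone is too noisy."""
    return "cryptomining suspected" if score(sample) >= threshold else "no finding"


# Constructed samples: one miner, one ordinary web container.
MINER = ContainerSample(
    "c0ffee", cpu_pct=97.0, host_temp_c=82.0,
    dns_queries=["pool.minexmr.example", "xmr.nanopool.example"],
    connections=[(51234, 14444, '{"id":1,"method":"login","params":{"login":"wallet"}}')],
)
BENIGN = ContainerSample(
    "web01", cpu_pct=12.0, host_temp_c=48.0,
    dns_queries=["registry-1.docker.io"],
    connections=[(43210, 443, "")],
)

if __name__ == "__main__":
    for s in (MINER, BENIGN):
        print(s.container_id, score(s), verdict(s), indicators(s))
```

    The point of scoring the classes separately is that each one is weak on its own (a build job also pins the CPU and heats the host), while a miner tends to trip the traffic-based classes as well; a threshold of three independent classes keeps CPU-heavy but legitimate workloads out of the alert queue.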

    Honeyhive - A Network Intrusion Detection System Framework Utilizing Distributed Internet of Things Honeypot Sensors

    The number of Internet of Things (IoT) devices connected to the Internet has exploded over the past decade, jumping from 3.8 billion in 2015 to 17.8 billion in 2018. Because so many IoT devices remain unpatched, unmonitored, and permanently powered on, they have become a tantalizing target for attackers seeking network access or another device for their botnet. HoneyHive is a framework that uses distributed IoT honeypots as Network Intrusion Detection System (NIDS) sensors that beacon back to a centralized Command and Control (C2) server. The tests in this experiment involve four types of scans and four levels of active honeypots run against both the HoneyHive framework and a traditional NIDS on a simulated test network. This research successfully created a framework of distributed IoT honeypot sensors for network intrusion detection that capture traffic, create alerts, and beacon back to a central C2 server. Through its distributed IoT honeypot sensors and packet capture aggregation, the HoneyHive framework detected intrusions that a traditional NIDS cannot.

    CamDec: Advancing axis P1435-LE video camera security using honeypot-based deception

    The explosion of online video streaming in recent years has produced services that are more efficient and more convenient. However, Internet-connected video cameras are prone to exploitation, leading to information security issues and data privacy concerns. The proliferation of video-capable Internet of Things devices and cloud-managed surveillance systems further extends these concerns. In this paper, a novel approach to video camera deception via honeypots is proposed, offering stronger security measures than those available on conventional Internet-enabled video cameras.

    IMPLEMENTING A HIGH-INTERACTION HYBRID HONEYPOT FOR FACILITY AUTOMATION SYSTEMS

    Operational technology includes environments such as industrial control systems, building-automation systems, and transportation systems. With the rising trend of cyberattacks against these systems, operational technology needs better methods of increasing security without costly redesigns of existing systems. We developed a high-interaction hybrid honeypot that uses reverse-proxy technology with commercial building-automation software and equipment to deceive attackers with real (not simulated) data. Our Web proxy monitors and intercepts malicious requests that attempt to manipulate target equipment, and deploys deceptive tactics such as sending fake HTTP acknowledgments and modifying webpages to include misleading information. Our results showed the effectiveness of this method in a controlled environment. This deception technique offers a new low-cost approach to defending building-automation systems in industry and the United States government, including the Department of Defense, from evolving cyber threats.
    Approved for public release. Distribution is unlimited.
    Outstanding Thesis. Lieutenant, United States Navy. OUSD (R&E), Washington, DC 2030
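    The abstract describes the proxy's two deceptive tactics (fake HTTP acknowledgments for write attempts, and pages rewritten to carry misleading information) without showing the decision logic. The following is an added example, not the thesis's proxy or any vendor's code: a minimal reverse proxy that forwards reads to the real controller, answers equipment-changing writes with a fake success so the real equipment is never touched, and substitutes decoy strings into returned pages. The upstream address, the endpoint patterns and the decoy values are assumptions for the example.

```python
"""
Deceptive reverse proxy for a building-automation web interface.
Reads are forwarded to the real controller (real data, as in the hybrid
honeypot above); writes that would change equipment state are answered with
a fake acknowledgement and never forwarded; pages sent back to the attacker
are modified to carry misleading information.
UPSTREAM, WRITE_PATH and DECOYS are assumptions for this example.
"""
import re
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

UPSTREAM = "http://10.0.0.5"          # assumed real BAS web server, never exposed directly
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
# Assumed endpoints that change set-points or override equipment.
WRITE_PATH = re.compile(r"^/(api/points/[^/]+/(write|override)|setpoint|cmd)")
# Misleading facts injected into returned pages (decoys, not real values).
DECOYS = {
    "Firmware 2.1.0": "Firmware 2.0.3 (unpatched)",   # looks older and weaker than it is
    "Chiller-1": "Chiller-1 (Datacenter Hall A)",     # suggests a more valuable target
}


def decide(method: str, path: str) -> str:
    """Return 'fake_ack' for write attempts against equipment, else 'forward'."""
    if method.upper() in WRITE_METHODS and WRITE_PATH.match(path):
        return "fake_ack"
    return "forward"


def fake_ack(path: str, body: bytes) -> tuple[int, bytes]:
    """Acknowledge a write as if it succeeded; the real controller never sees it."""
    return 200, b'{"status":"ok","path":"%s","applied":true}' % path.encode()


def deceive_page(html: str) -> str:
    """Swap real identifiers for decoy strings before the page leaves the proxy."""
    for real, decoy in DECOYS.items():
        html = html.replace(real, decoy)
    return html


class Handler(BaseHTTPRequestHandler):
    def _handle(self):
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else b""
        action = decide(self.command, self.path)
        # Every request, forwarded or not, is logged as attacker activity.
        self.log_message("%s %s -> %s", self.command, self.path, action)
        if action == "fake_ack":
            status, out = fake_ack(self.path, body)
        else:
            req = urllib.request.Request(UPSTREAM + self.path, data=body or None,
                                         method=self.command)
            try:
                with urllib.request.urlopen(req, timeout=5) as resp:
                    status, raw = resp.status, resp.read()
            except urllib.error.HTTPError as err:
                status, raw = err.code, err.read()
            out = deceive_page(raw.decode("utf-8", "replace")).encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)

    do_GET = do_POST = do_PUT = do_PATCH = do_DELETE = _handle


if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8080), Handler).serve_forever()
```

    The write-path pattern is the security boundary of this design: any method or endpoint that can change equipment state must be matched by it, and an unmatched write would be forwarded to the real controller. Enumerate the controller's actual API before relying on a regex, and keep the upstream reachable only from the proxy host.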

    An Empirical Analysis of Cyber Deception Systems


    Proactive cybersecurity tailoring through deception techniques

    Scientific dissertation for the degree of Master in Computer and Informatics Engineering.
    A proactive approach to cybersecurity can supplement a reactive posture by helping businesses handle security incidents in the early phases of an attack. Organizations can actively protect against the inherent asymmetry of cyber warfare by using proactive techniques such as cyber deception. Cyber deception is the intentional deployment of misleading artifacts to construct an infrastructure that allows real-time investigation of an attacker's patterns and approaches without compromising the organization's principal network. This method can reveal previously undiscovered vulnerabilities, referred to as zero-day vulnerabilities, without interfering with routine corporate activities. Furthermore, it enables enterprises to collect vital information about the attacker that would otherwise be difficult to obtain. However, putting such concepts into practice in real-world circumstances raises major problems. This study proposes an architecture for a deception system, culminating in an implementation that deploys and dynamically customizes a deception grid using Software-Defined Networking (SDN) and network virtualization techniques. The deception grid is a network of virtual assets whose topology and specifications are pre-planned to match a deception strategy. The system can trace and evaluate the attacker's activity by continuously monitoring the artifacts within the deception grid. Real-time refinement of the deception plan may require changes to the grid's topology and artifacts, which the dynamic modification capabilities of software-defined networking make possible. Organizations can maximize their deception capabilities by combining these processes with advanced cyber-attack detection and classification components. The effectiveness of the proposed solution is assessed using several case studies that demonstrate its utility.

    Monitoring Wi-Fi Network Threats Using a Honeypot (Monitorování hrozeb Wi-Fi sítí za pomocí honeypot)

    The increase in the use of mobile devices and IoT has made wireless technologies a significant part of our lives today, giving access to information from anywhere at any time, mainly thanks to ease of use, improved mobility, freedom, and flexibility. The rapidly evolving 802.11 wireless standard has, however, also brought security issues. Wireless networks face attacks and intrusion attempts that differ from those against a wired network. This thesis aims to implement a modern honeypot for wireless networks in order to understand the state of wireless hacking both in the real world and in a controlled environment. The results are then analysed to determine the threats and attacks faced by devices on the wireless network, and existing countermeasures that would reduce or eliminate these attacks are compared.
    460 - Department of Informatics