17 research outputs found

    Be Aware with a Honeypot

    The Internet has already become a hostile environment for computers, especially when they are directly connected with a public IP address. We have experienced this hostile activity first-hand: on an average day, the ITB Honeypot recorded over a thousand reconnaissance attacks seeking unauthorised entry onto our private network. Our Honeypot is a basic PC running Windows XP with no services offered and no user activity that would generate traffic. The Honeypot runs in a passive state on a stub network where all inbound and outbound traffic is recorded at the computer bridging to the WAN. We report on the majority of scans and vulnerability attacks that were used and investigate the processes that targeted vulnerable ports and access points on the network.

    Studying a Virtual Testbed for Unverified Data

    It is difficult to fully know the effects a piece of software will have on your computer, particularly when the software is distributed by an unknown source. The research in this paper focuses on malware detection, virtualization, and sandbox/honeypot techniques, with the goal of improving the security of installing useful but unverifiable software. With a combination of these techniques, it should be possible to install software in an environment where it cannot harm a machine but can be tested to determine its safety. Testing for malware, performance, network connectivity, memory usage, and interoperability can be accomplished without allowing the program to access the base operating system of a machine. After the full effects of the software are understood and it is determined to be safe, it could then be run from, and given access to, the base operating system. This thesis investigates the feasibility of creating a system to verify the security of unknown software while ensuring it will have no negative impact on the host machine.

    Joint Task Force Olympics : monitoring potential terrorists behavior via deceptive computer means

    The purpose of this thesis is to deploy tactical deception via a public website. The perception is to have the website be a supportive tool for the Joint Task Force Olympics. In actuality, it will be used to collect various data from those who attempt to access the site. The goal is not to implement a secure, impenetrable computer site or to capture hackers. On the contrary, the preference is to entice individuals or groups to enter the site and study its contents in the hope that we may discover why and from where they have accessed this site, and what files or directories allured them. The objective is to implement a successful deception by following the guidelines of JP 3-58, Joint Doctrine for Military Deception, which contributes to the successful achievement of military objectives. The deception is focused on people researching information on the Internet for potential terrorist use. Although there are many threats to national security, terrorism is currently the most deadly of threats using one of the most trusted monitors: the Internet. There exists a relationship between the Internet and terrorism, and this thesis intends to exploit it with. http://archive.org/details/jointtaskforceol10945594

    Honeypots applied to the IoT context: proposed architectures and targeted collection for MQTT gateways

    Undergraduate final project (Trabalho de Conclusão de Curso), Universidade de Brasília, Faculdade de Tecnologia, 2019. It is predicted that within a few years there will be billions of devices connected to the Internet. The formal definition of IoT is complex and the technology is still considered emerging. Nevertheless, even before it has consolidated, attacks are already being directed at this kind of context. This project begins as an assessment of the feasibility of an IoT Honeynet. After some time, the project moves on to explore the possibilities of using honeypots applied to MQTT gateways, one of the main Internet of Things protocols. To that end, the project proposes some possible architectural models and collection experiments in order to compare the Dionea and Cowrie honeypots. It is predicted that in a few years there will be billions of devices, or things, connected to the Internet. The formal definition of IoT is complex and the technology is still considered emerging. However, even before consolidating, there are already attacks targeting this kind of context. The project explores possibilities to use honeypots applied to MQTT gateways, one of the major IoT protocols. To this end, the project proposes some possible architectural models and collection experiments to make a comparison between the Dionea and Cowrie honeypots.

    Honeypot for Wireless Sensor Networks

    People have understood that computer systems need safeguarding and require knowledge of security principles for their protection. While this has led to solutions for system components such as malware protection, firewalls and intrusion detection systems, the ubiquitous usage of tiny microcomputers appeared at the same time. A new interconnectivity is on the rise in our lives. Things become “smart” and increasingly build new networks of devices. In this context, wireless sensor networks interact with users and vice versa; unprivileged users able to interact with the wireless sensor network may, as a result, harm the privileged user. The problem that needs to be solved is the possible harm caused by an unprivileged user interacting with the wireless sensor network of a privileged user. Such harm may come via an attack vector targeting a vulnerability, may take as long as it needs, and can only be detected if a sensing component is implemented as a tool that detects the status of the attacked wireless sensor network component and monitors the problem as an event that needs to be researched further. Innovation in attack detection comprehension is the key aspect of this work, because the field was found to be a set of hitherto uncombined aspects, mechanisms, drafts and sketches, lacking a central combined outcome. Therefore the contribution of this thesis spans a range of topics, starting with a summary of attacks, possible countermeasures and a sketch of the outcome, through the design and implementation of a viable product, and concluding with an outlook on possible further work. The chosen path for this research was experimental prototype construction following an established research method that first analyses the attack vectors against the system component and then evaluates the possibilities in order to improve said method. This led to a concept well known in common large-scale computer science systems, called a honeypot. Its common definitions and setups were analysed and the translation of the concept to the wireless sensor network domain was evaluated. Then the prototype was designed and implemented. This was done by following the approach set by the science of cybersecurity, which states that the results of experiments and prototypes lead to improving knowledge intentionally for re-use.

    EMPIRICAL STUDIES BASED ON HONEYPOTS FOR CHARACTERIZING ATTACKERS BEHAVIOR

    The cybersecurity community has made substantial efforts to understand and mitigate security flaws in information systems. Oftentimes when a compromise is discovered, it is difficult to identify the actions performed by an attacker. In this study, we explore the compromise phase, i.e., when an attacker exploits the host he/she gained access to using a vulnerability exposed by an information system. More specifically, we look at the main actions performed during the compromise and the factors deterring the attackers from exploiting the compromised systems. Because of the lack of security datasets on compromised systems, we need to deploy systems to more adequately study attackers and the different techniques they employ to compromise computers. Security researchers employ target computers, called honeypots, that are not used by normal or authorized users. In this study we first describe the distributed honeypot network architecture deployed at the University of Maryland and the different honeypot-based experiments enabling the data collection required to conduct the studies on attackers' behavior. In a first experiment we explore the attackers' skill levels and the purpose of the malicious software installed on the honeypots. We determined the relative skill levels of the attackers and classified the different software installed. We then focused on the crimes committed by the attackers, i.e., the attacks launched from the honeypots by the attackers. We defined the different computer crimes observed (e.g., brute-force attacks and denial of service attacks) and their characteristics (whether they were coordinated and/or destructive). We looked at the impact of computer resource restrictions on the crimes and then at the deterrent effect of warning and surveillance. Lastly, we used different metrics related to the attack sessions to investigate the impact of surveillance on the attackers based on their country of origin. During attacks, we found that attackers mainly installed IRC-based bot tools and sometimes shared their honeypot access. From the analysis of crimes, it appears that deterrence does not work; we showed that attackers seem to favor certain computer resources. Lastly, we observed that the presence of surveillance had no significant impact on the attack sessions; however, surveillance altered the behavior originating from a few countries.

    Intrusion Detection and Security Assessment in a University Network

    This thesis first explores how intrusion detection (ID) techniques can be used to provide an extra security layer for today's typically security-unaware Internet user. A review of the ever-growing network security threat is presented along with an analysis of the suitability of existing ID systems (IDS) for protecting users of varying security expertise. In light of the impracticality of many IDS for today's users, a web-enabled, agent-based, hybrid IDS is proposed. The motivations for the system are presented along with details of its design and implementation. As a test case, the system is deployed on the DCU network and the results analysed. One of the aims of an IDS is to uncover security-related issues in its host network. The issues revealed by our IDS demonstrate that a full DCU network security assessment is warranted. This thesis describes how such an assessment should be carried out and presents the corresponding results. A set of security-enhancing recommendations for the DCU network is presented.

    Security Technologies and Methods for Advanced Cyber Threat Intelligence, Detection and Mitigation

    The rapid growth of Internet interconnectivity and the complexity of communication systems have led to a significant growth of cyberattacks globally, often with severe and disastrous consequences. The swift development of more innovative and effective (cyber)security solutions and approaches that can detect, mitigate and prevent these serious consequences is vital. Cybersecurity is gaining momentum and is scaling up in very many areas. This book builds on the experience of the Cyber-Trust EU project's methods, use cases, technology development, testing and validation, and extends into broader science, the leading IT industry market and applied research with practical cases. It offers new perspectives on advanced (cyber)security innovation (eco)systems, covering key different perspectives. The book provides insights on new security technologies and methods for advanced cyber threat intelligence, detection and mitigation. We cover topics such as cybersecurity and AI, cyber threat intelligence, digital forensics, moving target defense, intrusion detection systems, post-quantum security, privacy and data protection, security visualization, smart contract security, software security, blockchain, security architectures, system and data integrity, trust management systems, distributed systems security, dynamic risk management, privacy and ethics.

    Computer use and misuse: the constellation of control

    This study is concerned with the nature of computer misuse and the legal and extra-legal responses to it. It explores what is meant by the term ‘computer misuse’ and charts its emergence as a problem as well as its expansion in parallel with the continued progression in computing power, networking, reach and accessibility. In doing so, it surveys the attempts of the domestic criminal law to deal with some early manifestations of computer misuse and the consequent legislative passage of the Computer Misuse Act 1990. Having outlined the new criminal offences introduced by the 1990 Act, the study examines the extent to which the 1990 Act has been effective in controlling computer misuse, taking both prosecution rates and issues of judicial interpretation into account. It further examines the amendments made to the 1990 Act by the Police and Justice Act 2006 and their potential ramifications when they come into force. Having considered the position at domestic criminal law, the study turns to assess whether the effective regulation of computer misuse requires more than just the domestic criminal law. It explores the characteristics and purpose of the criminal law in the context of computer misuse and examines whether the domestic criminal law has limitations. The study then introduces theories of risk from realist, cultural and symbolic, ‘risk society’ and governmentality perspectives before considering the idea of a governance network as a means of responding to risk. It examines computer misuse and the role of the domestic criminal law in the light of these theories. Having established the theoretical governance framework, the study then explores the role of the law in general within this framework, examining potential new nodes of governance from the European Union, Council of Europe, Commonwealth, United Nations and Group of Eight. It considers whether there might be advantages in moving beyond the domestic criminal law in the response to computer misuse. The study then broadens the discussion of potential means of governance beyond the law to encompass extra-legal initiatives. It establishes a typology of these extra-legal initiatives and examines the contribution made by each to the governance of computer misuse. Finally, this study concludes with an examination of the complex governance network built up throughout the work and considers whether the regulation of computer misuse is only viable in a global networked society through a networked response combining nodes of both legal and extra-legal governance.