Extended Functionality of Honeypots

Bakalářska práce pod názvem Rozšířené funkce honeypotů je zaměřena na vývoj bezpečnostních systémů určitých typů nazvaných honeypoty. Po představení principů technik honeypotů se zabýva s výhodami ich používaní v porovnaní s inými bezpečnostními systémy. Následne popisuje rozdelení typů honeypotu a ich charakteristiky. Další část je věnován obeznámení nástrojů CONPOT a GLASTOPF. Cílem práce je navrhnút a implementovat rozšíření těchto nástrojů zaměrem ich vylepšení. Součástí popisů jednotlivých rozšíření je představení a analýza problému, implementace a testování navrhnutých rozšíření. Použití rozšíření poskytují užívatelům těchto honeypotů zvýšenú bezpečnost a širší okruh využití. V závěre jsou popsány možnosti dalšího rozšíření.The bachelor thesis titled Extented functionality of honeypots is dedicated to the development of a specific type of security systems called honeypots. After the introduction of the principles of honeypot systems the work deals with the benefits of their use along with the comparison of such systems to other security systems. Furthermore it describes the classification of honeypots and their characteristics. Another part is concerned with the introduction to CONPOT and GLAFTOPF. The aim of the thesis is to suggest and realize extensions focused on the improvement of the mentioned honeypots. The description of each extension contains the definition and analysis of the given problem, the implementation and evaluation of the recommended resolution. Utilization of the enhancements provide better security while widening their field of use. The conclusion discusses the possibilities of further development of the honeypots.

Security Technologies and Methods for Advanced Cyber Threat Intelligence, Detection and Mitigation

The rapid growth of the Internet interconnectivity and complexity of communication systems has led us to a significant growth of cyberattacks globally often with severe and disastrous consequences. The swift development of more innovative and effective (cyber)security solutions and approaches are vital which can detect, mitigate and prevent from these serious consequences. Cybersecurity is gaining momentum and is scaling up in very many areas. This book builds on the experience of the Cyber-Trust EU project’s methods, use cases, technology development, testing and validation and extends into a broader science, lead IT industry market and applied research with practical cases. It offers new perspectives on advanced (cyber) security innovation (eco) systems covering key different perspectives. The book provides insights on new security technologies and methods for advanced cyber threat intelligence, detection and mitigation. We cover topics such as cyber-security and AI, cyber-threat intelligence, digital forensics, moving target defense, intrusion detection systems, post-quantum security, privacy and data protection, security visualization, smart contracts security, software security, blockchain, security architectures, system and data integrity, trust management systems, distributed systems security, dynamic risk management, privacy and ethics

Security Technologies and Methods for Advanced Cyber Threat Intelligence, Detection and Mitigation

The rapid growth of the Internet interconnectivity and complexity of communication systems has led us to a significant growth of cyberattacks globally often with severe and disastrous consequences. The swift development of more innovative and effective (cyber)security solutions and approaches are vital which can detect, mitigate and prevent from these serious consequences. Cybersecurity is gaining momentum and is scaling up in very many areas. This book builds on the experience of the Cyber-Trust EU project’s methods, use cases, technology development, testing and validation and extends into a broader science, lead IT industry market and applied research with practical cases. It offers new perspectives on advanced (cyber) security innovation (eco) systems covering key different perspectives. The book provides insights on new security technologies and methods for advanced cyber threat intelligence, detection and mitigation. We cover topics such as cyber-security and AI, cyber-threat intelligence, digital forensics, moving target defense, intrusion detection systems, post-quantum security, privacy and data protection, security visualization, smart contracts security, software security, blockchain, security architectures, system and data integrity, trust management systems, distributed systems security, dynamic risk management, privacy and ethics

Network Forensics and Log Files Analysis : A Novel Approach to Building a Digital Evidence Bag and Its Own Processing Tool

Intrusion Detection Systems (IDS) tools are deployed within networks to monitor data that is transmitted to particular destinations such as MySQL,Oracle databases or log files. The data is normally dumped to these destinations without a forensic standard structure. When digital evidence is needed, forensic specialists are required to analyse a very large volume of data. Even though forensic tools can be utilised, most of this process has to be done manually, consuming time and resources. In this research, we aim to address this issue by combining several existing tools to archive the original IDS data into a new container (Digital Evidence Bag) that has a structure based upon standard forensic processes. The aim is to develop a method to improve the current IDS database function in a forensic manner. This database will be optimised for future, forensic, analysis. Since evidence validity is always an issue, a secondary aim of this research is to develop a new monitoring scheme. This is to provide the necessary evidence to prove that an attacker had surveyed the network prior to the attack. To achieve this, we will set up a network that will be monitored by multiple IDSs. Open source tools will be used to carry input validation attacks into the network including SQL injection. We will design a new tool to obtain the original data in order to store it within the proposed DEB. This tool will collect the data from several databases of the different IDSs. We will assume that the IDS will not have been compromised

Agriculture 4.0 and beyond: Evaluating cyber threat intelligence sources and techniques in smart farming ecosystems

The digitisation of agriculture, integral to Agriculture 4.0, has brought significant benefits while simultaneously escalating cybersecurity risks. With the rapid adoption of smart farming technologies and infrastructure, the agricultural sector has become an attractive target for cyberattacks. This paper presents a systematic literature review that assesses the applicability of existing cyber threat intelligence (CTI) techniques within smart farming infrastructures (SFIs). We develop a comprehensive taxonomy of CTI techniques and sources, specifically tailored to the SFI context, addressing the unique cyber threat challenges in this domain. A crucial finding of our review is the identified need for a virtual Chief Information Security Officer (vCISO) in smart agriculture. While the concept of a vCISO is not yet established in the agricultural sector, our study highlights its potential significance. The implementation of a vCISO could play a pivotal role in enhancing cybersecurity measures by offering strategic guidance, developing robust security protocols, and facilitating real-time threat analysis and response strategies. This approach is critical for safeguarding the food supply chain against the evolving landscape of cyber threats. Our research underscores the importance of integrating a vCISO framework into smart farming practices as a vital step towards strengthening cybersecurity. This is essential for protecting the agriculture sector in the era of digital transformation, ensuring the resilience and sustainability of the food supply chain against emerging cyber risks

Analysing web-based malware behaviour through client honeypots

With an increase in the use of the internet, there has been a rise in the number of attacks on servers. These attacks can be successfully defended against using security technologies such as firewalls, IDS and anti-virus software, so attackers have developed new methods to spread their malicious code by using web pages, which can affect many more victims than the traditional approach. The attackers now use these websites to threaten users without the user’s knowledge or permission. The defence against such websites is less effective than traditional security products meaning the attackers have the advantage of being able to target a greater number of users. Malicious web pages attack users through their web browsers and the attack can occur even if the user only visits the web page; this type of attack is called a drive-by download attack. This dissertation explores how web-based attacks work and how users can be protected from this type of attack based on the behaviour of a remote web server. We propose a system that is based on the use of client Honeypot technology. The client Honeypot is able to scan malicious web pages based on their behaviour and can therefore work as an anomaly detection system. The proposed system has three main models: state machine, clustering and prediction models. All these three models work together in order to protect users from known and unknown web-based attacks. This research demonstrates the challenges faced by end users and how the attacker can easily target systems using drive-by download attacks. In this dissertation we discuss how the proposed system works and the research challenges that we are trying to solve, such as how to group web-based attacks into behaviour groups, how to avoid attempts at obfuscation used by attackers and how to predict future malicious behaviour for a given web-based attack based on its behaviour in real time. Finally, we have demonstrate how the proposed system will work by implementing a prototype application and conducting a number of experiments to show how we were able to model, cluster and predict web-based attacks based on their behaviour. The experiment data was collected randomly from online blacklist websites.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Analysing web-based malware behaviour through client honeypots

With an increase in the use of the internet, there has been a rise in the number of attacks on servers. These attacks can be successfully defended against using security technologies such as firewalls, IDS and anti-virus software, so attackers have developed new methods to spread their malicious code by using web pages, which can affect many more victims than the traditional approach. The attackers now use these websites to threaten users without the user’s knowledge or permission. The defence against such websites is less effective than traditional security products meaning the attackers have the advantage of being able to target a greater number of users. Malicious web pages attack users through their web browsers and the attack can occur even if the user only visits the web page; this type of attack is called a drive-by download attack. This dissertation explores how web-based attacks work and how users can be protected from this type of attack based on the behaviour of a remote web server. We propose a system that is based on the use of client Honeypot technology. The client Honeypot is able to scan malicious web pages based on their behaviour and can therefore work as an anomaly detection system. The proposed system has three main models: state machine, clustering and prediction models. All these three models work together in order to protect users from known and unknown web-based attacks. This research demonstrates the challenges faced by end users and how the attacker can easily target systems using drive-by download attacks. In this dissertation we discuss how the proposed system works and the research challenges that we are trying to solve, such as how to group web-based attacks into behaviour groups, how to avoid attempts at obfuscation used by attackers and how to predict future malicious behaviour for a given web-based attack based on its behaviour in real time. Finally, we have demonstrate how the proposed system will work by implementing a prototype application and conducting a number of experiments to show how we were able to model, cluster and predict web-based attacks based on their behaviour. The experiment data was collected randomly from online blacklist websites.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

The Proceedings of 15th Australian Information Security Management Conference, 5-6 December, 2017, Edith Cowan University, Perth, Australia

Conference Foreword The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fifteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year. The papers cover topics from vulnerabilities in “Internet of Things” protocols through to improvements in biometric identification algorithms and surveillance camera weaknesses. The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Twenty two papers were submitted from Australia and overseas, of which eighteen were accepted for final presentation and publication. We wish to thank the reviewers for kindly volunteering their time and expertise in support of this event. We would also like to thank the conference committee who have organised yet another successful congress. Events such as this are impossible without the tireless efforts of such people in reviewing and editing the conference papers, and assisting with the planning, organisation and execution of the conference. To our sponsors, also a vote of thanks for both the financial and moral support provided to the conference. Finally, thank you to the administrative and technical staff, and students of the ECU Security Research Institute for their contributions to the running of the conference