157 research outputs found

    Real-Time Cyber Attack Detection Over HoneyPi Using Machine Learning

    The rapid transition of all areas of our lives to the digital environment has kept people away from their intertwined social lives and made them dependent on the isolated cyber environment. This dependency has led to increased cyber threats and, subsequently, cyber-attacks nationally or internationally. Due to the high cost of cybersecurity systems and the expert nature of these systems' management, the cybersecurity component has been mostly ignored, especially in small and medium-sized organizations. In this context, a holistic cybersecurity architecture is designed in which fully open source and free software and hardware-based Raspberry Pi devices with low-cost embedded operating systems are used as a honeypot. In addition, the architectural structure has an integrated, flexible, and easily configurable end-to-end security approach. It is suitable for different platforms by creating end-user screens with personalized software for network security guards and system administrators

    Peeling Back the Onion of Cyber Espionage after Tallinn 2.0

    Tallinn 2.0 represents an important advancement in the understanding of international law’s application to cyber operations below the threshold of force. Its provisions on cyber espionage will be instrumental to states in grappling with complex legal problems in the area of digital spying. The law of cyber espionage as outlined by Tallinn 2.0, however, is substantially based on rules that have evolved outside of the digital context, and there exist serious ambiguities and limitations in its framework. This Article will explore gaps in the legal structure and consider future options available to states in light of this underlying mismatch

    A Framework for the Design of IoT/IIoT/CPS Honeypots


    Honeypot Security Efficiency versus Deception Solution

    Deception technology has appeared on the market of information security systems relatively recently. However, some experts still consider Security Deception to be just a more advanced “honeypot.” In this article, we will try to highlight both the similarities and fundamental differences between these two solutions. In the first part, we will tell you about honeypot, how this technology developed and what are its advantages and disadvantages. And in the second part, we will dwell on the principles of operation of platforms for creating a distributed infrastructure of false targets (DDP)

    Honware: A Virtual Honeypot Framework for Capturing CPE and IoT Zero Days

    Existing solutions are ineffective in detecting zero day exploits targeting Customer Premise Equipment (CPE) and Internet of Things (IoT) devices. We present honware, a high-interaction honeypot framework which can emulate a wide range of devices without any access to the manufacturers' hardware. Honware automatically processes a standard firmware image (as is commonly provided for updates), customises the filesystem and runs the system with a special pre-built Linux kernel. It then logs attacker traffic and records which of their actions led to a compromise. We provide an extensive evaluation and show that our framework improves upon existing emulation strategies which are limited in their scalability, and that it is significantly better both in providing network functionality and in emulating the devices' firmware applications - a crucial aspect as vulnerabilities are frequently exploited by attackers in front-end functionalities such as web interfaces. Honware's design precludes most honeypot fingerprinting attacks, and as its performance is comparable to that of real devices, fingerprinting with timing attacks can be made far from trivial. We provide four case studies in which we demonstrate that honware is capable of rapid deployment to capture the exact details of attacks along with malware samples. In particular we identified a previously unknown attack in which the default DNS for an ipTIME N604R wireless router was changed. We believe that honware is a major contribution towards re-balancing the economics of attackers and defenders by reducing the period in which attackers can exploit zero days at Internet scale

    Security Features in a Hybrid Software-Defined Network

    The paper presents a novel paradigm of software-defined network that is significantly different from previous traditional networks and enables new opportunities in the architecture and implementation of security solutions. The analysis of network environments will compare traditional networks and software-defined networks and emphasize significant differences. A survey of the existing research includes vector attacks and troubleshooting using the capabilities of SDN with an emphasis on access control, detection, and prevention of attacks. This paper uses previous research and results to obtain information that will be used in improving critical system network protection and compares it with the existing conventional approach as well as implements it through a hybrid software-defined network

    The AI Family: The Information Security Managers Best Frenemy?

    In this exploratory study, we deliberately pull apart the Artificial from the Intelligence, the material from the human. We first assessed the existing technological controls available to Information Security Managers (ISMs) to ensure their in-depth defense strategies. Based on the AI watch taxonomy, we then discuss each of the 15 technologies and their potential impact on the transformation of jobs in the field of security (i.e., AI trainers, AI explainers and AI sustainers). Additionally, in a pilot study we collect the evaluation and the narratives of the employees (n=6) of a small financial institution in a focus group session. We particularly focus on their perception of the role of AI systems in the future of cyber security