312 research outputs found

    An analysis of the evolution of botnets

    Computer science and technology : historiography VII (4 - 2)

    Burger's big computer virus book, unreleased 'Hackers Wanted' documentar

    Using Global Honeypot Networks to Detect Targeted ICS Attacks

    Defending industrial control systems (ICS) in the cyber domain is both helped and hindered by bespoke systems integrating heterogeneous devices for unique purposes. Because of this fragmentation, observed attacks against ICS have been targeted and skilled, making them difficult to identify prior to initiation. Furthermore, organisations may be hesitant to share business-sensitive details of an intrusion that would otherwise assist the security community. In this work, we present the largest study of high-interaction ICS honeypots to date and demonstrate that a network of internet-connected honeypots can be used to identify and profile targeted ICS attacks. Our study relies on a network of 120 high-interaction honeypots in 22 countries that mimic programmable logic controllers and remote terminal units. We provide a detailed analysis of 80,000 interactions over 13 months, of which only nine made malicious use of an industrial protocol. Malicious interactions included denial of service and replay attacks that manipulated logic, leveraged protocol implementation gaps and exploited buffer overflows. While the yield was small, the impact was high, as these were skilled, targeted exploits previously unknown to the ICS community. By comparison with other ICS honeypot studies, we demonstrate that high-quality deception over long periods is necessary for such a honeypot network to be effective. As part of this argument, we discuss the accidental and intentional reasons why an internet-connected honeypot might be targeted. We also provide recommendations for effective, strategic use of such networks. Gates Cambridge Trus

    Network traffic analysis for threats detection in the Internet of Things

    As the prevalence of the Internet of Things (IoT) continues to increase, cyber criminals are quick to exploit the security gaps that many devices are inherently designed with. Users cannot be expected to tackle this threat alone, and many current solutions available for network monitoring are simply not accessible or can be difficult to implement for the average user, which is a gap that needs to be addressed. This article presents an effective signature-based solution to monitor, analyze, and detect potentially malicious traffic for IoT ecosystems in the typical home network environment by utilizing passive network sniffing techniques and a cloud application to monitor anomalous activity. The proposed solution focuses on two attack and propagation vectors leveraged by the infamous Mirai botnet, namely DNS and Telnet. Experimental evaluation demonstrates the proposed solution can detect 98.35 percent of malicious DNS traffic and 99.33 percent of Telnet traffic for an overall detection accuracy of 98.84 percent

    Anomaly Detection in LAN with ARP Request Monitoring

    Degree type: Master's. University of Tokyo (東京大学

    Botnets: Smart Home User Vulnerabilities and Prevention

    Internet of things (IoT) devices are emerging technology and everyday devices used worldwide that puts convenience at our fingertips through the collection and analysis of our physical environment via the use of sensors and internet-connected devices. But that convenience came with the cost of IoT attacks tripling in number within the first half of 2018 compared to the number of IoT attacks in 2017 (Kaspersky Lab, 2018). In terms of home user devices, there are smart and fitness watches, refrigerators, and home assistants like the Google Home Assistant and the Amazon Echo Dot, and more. Although these devices aid in making life easier, IoT devices are prone to the threats, vulnerabilities, and risks that come with being connected to the Internet. Yet, at the same time, these devices are used to create smart homes. Research by OWASP and Lopez et al. (2018) has shown that there are several security threats to IoT that demonstrate the need to create stronger security practices. This project investigates ongoing research of IoT exploitation, particularly by botnets, to produce simple implementation recommendations and secure practices for home users. The aim of this research is to provide home users with preventative methods to protect their smart homes and devices, so they do not fall victim to botnets