50 research outputs found

    High Security Laboratory - Network Telescope Infrastructure Upgrade

    As part of the High Security Laboratory at INRIA Nancy Grand Est inaugurated in July 2010, we have been running and maintaining a network telescope for more than 2 years. Many updates and upgrades of the different components have been made during this period, as well as the apparition of new threats and vulnerabilities, motivating an upgrade of the existing infrastructure to maintain it up-to-date with the current security issues. This report is a follow up of the previous report written in May 2008 describing the specification and deployment of the initial infrastructure. In this report, we present the upgrade performed during the second half of the year 2010, after the inauguration and moving of the platform

    A Methodology For Intelligent Honeypot Deployment And Active Engagement Of Attackers

    Thesis (Ph.D.) University of Alaska Fairbanks, 2012. The internet has brought about tremendous changes in the way we see the world, allowing us to communicate at the speed of light, and dramatically changing the face of business forever. Organizations are able to share their business strategies and sensitive or proprietary information across the globe in order to create a sense of cohesiveness. This ability to share information across the vastness of the internet also allows attackers to exploit these different avenues to steal intellectual property or gather information vital to the national security of an entire nation. As technology advances to include more devices accessing an organization's network and as more business is handled via the internet, attackers' opportunities increase daily. Honeypots were created in response to this cyber warfare. Honeypots provide a technique to gather information about attackers performing reconnaissance on a network or device without the voluminous logs obtained by the majority of intrusion detection systems. This research effort provides a methodology to dynamically generate context-appropriate honeynets. Administrators are able to modify the system to conform to the target environment and gather the information passively or through increasing degrees of active scanning. The information obtained during the process of scanning the environment aids the administrator in creating a network topology and understanding the flux of devices in the network. This research continues the effort to defend an organization's networks against the onslaught of attackers

    An Automated and Comprehensive Framework for IoT Botnet Detection and Analysis (IoT-BDA)

    The proliferation of insecure Internet-connected devices gave rise to the IoT botnets which can grow very large rapidly and may perform high-impact cyber-attacks. The related studies for tackling IoT botnets are concerned with either capturing or analyzing IoT botnet samples, using honeypots and sandboxes, respectively. The lack of integration between the two implies that the samples captured by the honeypots must be manually submitted for analysis in sandboxes, introducing a delay during which a botnet may change its operation. Furthermore, the effectiveness of the proposed sandboxes is limited by the potential use of anti-analysis techniques and the inability to identify features for effective detection and identification of IoT botnets. In this paper, we propose and evaluate a novel framework, the IoT-BDA framework, for automated capturing, analysis, identification, and reporting of IoT botnets. The framework consists of honeypots integrated with a novel sandbox that supports a wider range of hardware and software configurations, and can identify indicators of compromise and attack, along with anti-analysis, persistence, and anti-forensics techniques. These features can make botnet detection and analysis, and infection remedy more effective. The framework reports the findings to a blacklist and abuse service to facilitate botnet suspension. The paper also describes the discovered anti-honeypot techniques and the measures applied to reduce the risk of honeypot detection. Over the period of seven months, the framework captured, analyzed, and reported 4077 unique IoT botnet samples. The analysis results show that some IoT botnets used anti-analysis, persistence, and anti-forensics techniques typically seen in traditional botnets

    Honeyhive - A Network Intrusion Detection System Framework Utilizing Distributed Internet of Things Honeypot Sensors

    Exploding over the past decade, the number of Internet of Things (IoT) devices connected to the Internet jumped from 3.8 billion in 2015 to 17.8 billion in 2018. Because so many IoT devices remain unpatched, unmonitored, and left on, they have become a tantalizing target for attackers to gain network access or add another device to their botnet. HoneyHive is a framework that uses distributed IoT honeypots as Network Intrusion Detection Systems (NIDS) sensors that beacon back to a centralized Command and Control (C2) server. The tests in this experiment involve four types of scans and four levels of active honeypots against the HoneyHive framework and a traditional NIDS on the simulated test network. This research successfully created a framework of distributed network intrusion detection IoT honeypot sensors that capture traffic, create alerts, and beacon back to a central C2 server. The HoneyHive framework successfully detected intrusions that traditional NIDS cannot through the use of distributed IoT honeypot sensors and packet capture aggregation