1 |
State of the Art Botnet-Centric Honeynet Design
Syers, John, III 16 January 2010
The problem of malware has escalated at a rate that security professionals and
researchers have been unable to deal with. Attackers savage the information technology (IT) infrastructure of corporations and governments with impunity. Of particular
significance is the rise of botnets within the past ten years. In response, honeypots
and honeynets were developed to gain critical intelligence on attackers and ultimately
to neutralize their threats. Unfortunately, the malware community has adapted, and
strategies used in the early half of the decade have diminished significantly in their
effectiveness. This thesis explores the design characteristics necessary to create a
honeynet capable of reversing the current trend and defeating botnet countermeasures. This thesis finds that anti-virtual machine detection techniques along with
appropriate failsafes are essential to analyze modern botnet binaries.
|
2 |
Deceptive Environments for Cybersecurity Defense on Low-power Devices
Kedrowitsch, Alexander Lee 05 June 2017
The ever-evolving nature of botnets has made constant malware collection an absolute necessity for security researchers in order to analyze and investigate the latest, nefarious means by which bots exploit their targets and operate in concert with each other and their bot master.
In that effort of on-going data collection, honeypots have established themselves as a curious and useful tool for deception-based security. Low-powered devices, such as the Raspberry Pi, have found a natural home with some categories of honeypots and are being embraced by the honeypot community. Due to the low cost of these devices, new techniques are being explored to employ multiple honeypots within a network to act as sensors, collecting activity reports and captured malicious binaries to back-end servers for later analysis and network threat assessments. While these techniques are just beginning to gain their stride within the security community, they are held back due to the minimal amount of deception a traditional honeypot on a low-powered device is capable of delivering.
This thesis seeks to make a preliminary investigation into the viability of using Linux containers to greatly expand the deception possible on low-powered devices by providing isolation and containment of full system images with minimal resource overhead. It is argued that employing Linux containers on low-powered device honeypots enables an entire category of honeypots previously unavailable on such hardware platforms. In addition to granting previously unavailable interaction with honeypots on Raspberry Pis, the use of Linux containers grants unique advantages that have not previously been explored by security researchers, such as the ability to defeat many types of virtual environment and monitoring tool detection methods.
Master of Science
The term ‘honeypot’, as used in computer security, refers to computer systems that are intended to be targeted by malicious third parties, but contain little value. While these systems are being attacked, the honeypot collects as much data as it can on the actions being performed by the attacker; information that is extremely useful for security researchers in understanding the latest techniques and methods that are employed by cyber-criminals. Unfortunately, not all honeypot architectures are equal and often trade-offs have to be made between ease of setup, cost of hardware, and how realistic the honeypot is capable of behaving.
This thesis proposes that by using a new and useful software package available to Linux computer systems called ‘Linux Containers’, it is possible to implement honeypots that significantly reduce the amount of trade-offs required. Specifically, honeypots that are capable of highly realistic behavior can be run on highly affordable, low-power devices, such as the Raspberry Pi.
In addition to granting realistic honeypots the ability to operate on low-cost devices, Linux containers also provide the benefit of defeating several, difficult to overcome methods that malicious software authors implement in order to prevent their malware from being monitored and analyzed by security experts. Defeating the investigated forms of environment detection has remained a difficult challenge for security experts and remains an open-ended problem in the field.
|
3 |
Exploring Extensions Of Traditional Honeypot Systems And Testing The Impact On Attack Profiling
McGrew, Robert Wesley 10 December 2005
This thesis explores possibilities for extending the features of honeypot systems to decrease the chance of an attacker discovering that they have compromised a honeypot. It is proposed that by extending the period of time that an attacker spends on a honeypot oblivious to its status, more information relevant to profiling the attacker can be gained. Honeypots are computer systems that are deployed in a way that attackers can easily compromise them. These systems, which contain no production data, are useful both as early warning systems for attacks on production systems, and for studying the tools, techniques, and motives of attackers. Current honeypot systems mitigate the risks of running a honeypot by restricting out-bound traffic in a way that might be obvious to an attacker. The extensions proposed for honeypots will be tested in a controlled laboratory environment.
|
4 |
Implementing Honeypots to Build Risk Profiles for IoT Devices in a Home-Based Environment
Kula, Michal Damian January 2021
Honeypots have been implemented in network security for years now, from the simple systems where they could only mimic one vulnerable service and gather information about an intruder they have morphed into advanced and complicated environments. Unfortunately, hackers have not left that untouched, and constantly try to detect honeypots before being caught. This ongoing battle can be damaging to unexperienced internet users, who have no idea about securing devices in their small home-based network environment. The purpose of this research is to perform a technical study using IoT devices placed in a home environment in a specially separated segment, and capture traffic between them and external agents. This data is then analysed and used to build risk profiles of tested IoT devices aiming to provide security recommendations. The results indicate creating risk profiles for IoT devices could be used to gather more precise information about external attacks and provide instant answer to what type of attacks could be generated against a selected IoT device. More development would be required to improve this process, this includes redesign of the network and an automatic software-based tool capable of generating risk profiles.
|
5 |
Honeypots in network security
Akkaya, Deniz, Thalgott, Fabien January 2010
Day by day, more and more people are using internet all over the world. It is becoming a part of everyone’s life. People are checking their e-mails, surfing over internet, purchasing goods, playing online games, paying bills on the internet etc. However, while performing all these things, how many people know about security? Do they know the risk of being attacked, infecting by malicious software? Even some of the malicious software are spreading over network to create more threats by users. How many users are aware of that their computer may be used as zombie computers to target other victim systems? As technology is growing rapidly, newer attacks are appearing. Security is a key point to get over all these problems. In this thesis, we will make a real life scenario, using honeypots. Honeypot is a well designed system that attracts hackers into it. By luring the hacker into the system, it is possible to monitor the processes that are started and running on the system by hacker. In other words, honeypot is a trap machine which looks like a real system in order to attract the attacker. The aim of the honeypot is analyzing, understanding, watching and tracking hacker’s behaviours in order to create more secure systems. Honeypot is great way to improve network security administrators’ knowledge and learn how to get information from a victim system using forensic tools. Honeypot is also very useful for future threats to keep track of new technology attacks.
|
6 |
Deployment of Low Interaction Honeypots in University Campus Network
Chairetakis, Eleftherios, Alkudhir, Bassam, Mystridis, Panagiotis January 2013
Large scale networks face daily thousands of network attacks. No matter the strength of the existing security defending mechanisms, these networks remain vulnerable, as new tools and techniques are being constantly developed by hackers. A new promising technology that lures the attackers in order to monitor their malicious activities and divulge their intentions is emerging with Virtual Honeypots. In the present thesis, we examine an extensive security mechanism based on three different open source low interaction honeypots. We implement this mechanism at our university campus network in an attempt to identify the potential threats and methods used against our network. The data gathered by our honeypots reveal valuable information regarding the types of attacks, the vulnerable network services within the network and the malicious activities launched by attackers.
|
7 |
An evaluation of Honeypots with Compliant Kubernetes
Eriksson, Oscar January 2023
This thesis evaluates different honeypot technologies and how they can be integrated into Compliant Kubernetes (CK8s), a secure open-source distribution of Kubernetes designed to address various compliance and regulatory requirements. The thesis identifies and compares the features, metrics, and suitability of several candidate honeypots for CK8s based on a literature survey and experimental testing. The thesis also discusses the value and challenges of using honeypots in cloud environments and the legal and ethical issues involved. The main findings of the thesis are that ContainerSSH is the most mature, user-friendly, and Kubernetes-compatible honeypot among the candidates, and that honeypots can provide useful threat intelligence and security awareness for cloud systems.
|
8 |
Intelligent Honeypot Agents for Detection of Blackhole Attack in Wireless Mesh Networks
Prathapani, Anoosha January 2010
No description available.
|
9 |
SAMARA SOCIEDADE DE AGENTES PARA A MONITORAÇÃO DE ATAQUES E RESPOSTAS AUTOMATIZADAS / SAMARA SOCIETY OF AGENTS FOR THE MONITORING OF ATTACKS AND AUTOMATIZED ANSWERS
OLIVEIRA, Antonio Alfredo Pires 17 June 2005
The traditional security techniques applied in computer networks try to block attacks (using firewalls) or to detect them as soon as they happen (using Intrusion Detection Systems). Both are of recognized value; however, they have limitations. In that sense, there is a need to innovate in defense techniques and tactics, as well as in tools and technologies that complement the traditional mechanisms applied in network and computer security. One of these solutions has been the use of honeypots (network traps) to collect information, motives, tactics and tools used in malicious activities in networks and distributed systems. This research work introduces an architecture for automated incident response, called SAMARA, based on honeypots and intelligent agents, created to support the functional requirements of the decoy server and honeynet agents proposed for the NIDIA Project (Network Intrusion Detection System based on Intelligent Agents) [18], but which can be adjusted to other approaches to detection, prevention and reaction to security incidents in networks and distributed systems.
|
10 |
Collaborative intrusion prevention
Chung, Pak Ho 02 June 2010
Intrusion Prevention Systems (IPSs) have long been proposed as a defense against attacks that propagate too fast for any manual response to be useful. While purely-network-based IPSs have the advantage of being easy to install and manage, research has shown that this class of systems is vulnerable to evasion [70, 65], and can be tricked into filtering normal traffic and creating more harm than good [12, 13]. Based on this research, we believe information about how the attacked hosts process the malicious input is essential to an effective and reliable IPS. In existing IPSs, honeypots are usually used to collect such information. The collected information will then be analyzed to generate countermeasures against the observed attack. Unfortunately, techniques that allow the honeypots in a network to be identified ([5, 71]) can render these IPSs useless. In particular, attacks can be designed to avoid targeting the identified honeypots. As a result, the IPSs will have no information about the attacks, and thus no countermeasure will ever be generated. The use of honeypots is also creating other practical issues which limit the usefulness/feasibility of many host-based IPSs. We propose to solve these problems by duplicating the detection and analysis capability on every protected system; i.e., turning every host into a honeypot.
|