Global ETD Search

11	Honeypots in network security Akkaya, Deniz, Thalgott, Fabien January 2010 (has links) Day by day, more and more people are using internet all over the world. It is becoming apart of everyone’s life. People are checking their e-mails, surfing over internet, purchasinggoods, playing online games, paying bills on the internet etc. However, while performingall these things, how many people know about security? Do they know the risk of beingattacked, infecting by malicious software? Even some of the malicious software arespreading over network to create more threats by users. How many users are aware of thattheir computer may be used as zombie computers to target other victim systems? Astechnology is growing rapidly, newer attacks are appearing. Security is a key point to getover all these problems. In this thesis, we will make a real life scenario, using honeypots.Honeypot is a well designed system that attracts hackers into it. By luring the hackerinto the system, it is possible to monitor the processes that are started and running on thesystem by hacker. In other words, honeypot is a trap machine which looks like a realsystem in order to attract the attacker. The aim of the honeypot is analyzing, understanding,watching and tracking hacker’s behaviours in order to create more secure systems.Honeypot is great way to improve network security administrators’ knowledge and learnhow to get information from a victim system using forensic tools. Honeypot is also veryuseful for future threats to keep track of new technology attacks. Honeypot hacking security forensic analysis of honeypots network Computer Sciences Datavetenskap (datalogi)
12	A Systematic Comparison of Default based Versus Hardened IoT Systems Using Honeypots : Master Thesis \| Supervisor: Maria Papadaki Marinakis, Alexandros January 2021 (has links) IoT devices provide immense contributions in fields of education, communication, business, science, industrial zones, permeating various aspects of everyday life. Despite these benefits, their diversity, heterogeneity, and rapid development can introduce significant challenges, especially when the secure design has not been incorporated into their software lifecycle. Consequently, they can be targeted by malicious attackers, resulting in important security threats that need to be addressed. The main goal of this research is to explore the benefits of securing IoT devices after deployment, by examining, analyzing, and comparing default vs secure IoT device configurations. This will allow us to make assumptions regarding the differences in behavior, patterns, and motives of the attackers, as well as to measure the performance output between the two environments. To achieve our goal, we make extensive use of honeypot systems simulating the two different environments and collect log data to conclude meaningful information. As a secondary goal, we also explore any potential performance degradation for default vs secure configurations. The produced results suggest that there is a major difference both in terms of how the attackers approach a hardened IoT device/service, and how a device is affected in terms of operability and performance. IoT Devices IoT Honeypots Elektroteknik och elektronik
13	Identifica??o remota de sistemas operacionais utilizando an?lise de processos aleat?rios e redes neurais artificiais Medeiros, Jo?o Paulo de Souza 19 June 2009 (has links) Made available in DSpace on 2014-12-17T14:55:36Z (GMT). No. of bitstreams: 1 JoaoPSM.pdf: 2736653 bytes, checksum: 0b1bd7853a47877b24c5f2042e0a5d8e (MD5) Previous issue date: 2009-06-19 / Petr?leo Brasileiro SA - PETROBRAS / A new method to perform TCP/IP fingerprinting is proposed. TCP/IP fingerprinting is the process of identify a remote machine through a TCP/IP based computer network. This method has many applications related to network security. Both intrusion and defence procedures may use this process to achieve their objectives. There are many known methods that perform this process in favorable conditions. However, nowadays there are many adversities that reduce the identification performance. This work aims the creation of a new OS fingerprinting tool that bypass these actual problems. The proposed method is based on the use of attractors reconstruction and neural networks to characterize and classify pseudo-random numbers generators / ? proposto um novo m?todo para identifica??o remota de sistemas operacionais que operam em redes TCP/IP. Este m?todo possui diversas aplica??es relacionadas ? seguran?a em redes de computadores e ? normalmente adotado tanto em atividades de ataque quanto de defesa de sistemas. O m?todo proposto ? capaz de obter sucesso em situa??es onde diversas solu??es atuais falham, inclusive no tratamento com dispositivos possivelmente vulner?veis ao processo de identifica??o. O novo m?todo realiza a an?lise dos geradores de n?meros aleat?rios usados nas pilhas TCP/IP e, atrav?s do uso de redes neurais artificiais, cria mapas que representam o comportamento destes geradores. Tais mapas s?o usados para compara??o com mapas rotulados que representam sistemas j? conhecidos, concretizando o processo de identifica??o Identifica??o de pilha TCP/IP Seguran?a em redes de computadores Identifica??o de honeypots OS fingerprinting TCP/IP fingerprinting Network security Honeypots indentification CNPQ::ENGENHARIAS::ENGENHARIA ELETRICA
14	Intrusion Attack & Anomaly Detection in IoT Using Honeypots Kulle, Linus January 2020 (has links) This thesis is presented as an artifact of a project conducted at MalmöUniversity IoTaP LABS. The Internet of Things (IoT) is a growing field and its usehas been adopted in many aspects of our daily lives, which has led todigitalization and the creation of smart IoT ecosystems. However, with the rapidadoption of IoT, little or no focus has been put on the security implications,device proliferations and its advancements. This thesis takes a step forward toexplore the usefulness of implementing a security mechanism that canproactively be used to aid understanding attacker behaviour in an IoTenvironment. To achieve this, this thesis has outlined a number of objectivesthat ranges from how to create a deliberate vulnerability by using honeypots inorder to lure attacker’s in order to study their modus operandi. Furthermore,an Intrusion Attack Detection (Model) has been constructed that has aided withthis implementation. The IAD model, has been successfully implemented withthe help of interaction and dependence of key modules that have allowedhoneypots to be executed in a controlled IoT environment. Detailed descriptionsregarding the technologies that have been used in this thesis have also beenexplored to a greater extent. On the same note, the implemented system withthe help of an attack scenario allowed an attacker to access the system andcircumnavigate throughout the camouflaged network, thereafter, the attacker’sfootprints are mapped based on the mode of attack. Consequently, given thatthis implementation has been conducted in MAU environment, the results thathave been generated as a result of this implementations have been reportedcorrectly. Eventually, based on the results that have been generated by thesystem, it is worth to note that the research questions and the objective posedby the thesis have been met. honeypot honeypots iot cyber cybersecurity information security infosec cybersec anomaly detection intrusion detection iot security Engineering and Technology Teknik och teknologier
15	Honeypot study of threats targeting critical infrastructure / Honeypot studie av cyberhot riktade mot kritisk infrastruktur Alberto Scola, Carlo January 2023 (has links) Honeypots are systems with the intent of gathering information about potential threats and, at the same time, shifting part of the attention away from the real targets. In industrial control system environments, honeypots play a significant role and can lead to further threat study while distracting potential attackers away from critical physical systems. Low-interaction honeypots are emulated systems that try to recreate a real environment by simulating applications and protocols. These types of honeypots still need improvements to be efficient, and during this thesis work the focus has been on the Conpot open-source ICS honeypot. Due to their nature, low-interaction honeypots are less appealing to potential attackers than high-interaction honeypots since they do not provide the same level of realism and can be easier discovered. Earlier works showed ways to increase the ability to attract more visitors and an improved setup of Conpot has been evaluated. Its results have been analyzed and compared with the default installation. Several advancements have been implemented as well as custom features and working functionalities, such as a customized industrial system design, improved logging, and a web API proxy. The goal of this work is to answer the investigated hypothesis which consists in finding out if an improved version of the low-interaction honeypot can yield more significant results. By evaluating the network traffic received, the outcome has been insightful and showcased a distinguished improvement over the original version of the honeypot. The ICS protocols displayed a more considerable number of interactions along with an increased amount of attacks. In conclusion, further development for the Conpot honeypot is desirable which would largely improve its performance and practicality in real-world deployments. / Honeypots är ett system med avsikten att samla information om potentiella hot och samtidigt avleda uppmärksamheten från de verkliga målen. I industriella kontrollsystemsmiljöer spelar honungskrukor en viktig roll och kan leda till ytterligare hotstudier samtidigt som potentiella angripare distraheras från viktiga fysiska system. Honeypots med låg interaktion är emulerade system som försöker återskapa verkliga miljöer genom att simulera applikationer och protokoll. Dessa typer av honeypots behöver fortfarande förbättringar för att vara effektiva, och under detta examensarbete har fokus legat på Conpot open source ICS honeypots. På grund av designbegränsningar är honeypots med låg interaktion mindre tilltalande för potentiella angripare än honeypots med hög interaktion. Tidigare arbeten har visat sätt att öka möjligheten att locka fler besökare och en förbättrad installation av Conpot har utvärderats och dess resultat har analyserats och jämförts med standardinstallationen. Flera framsteg har implementerats samt anpassade funktioner och fungerande funktioner, såsom en anpassad industriell systemdesign, förbättrad loggning och en webb-API-proxy. Målet med detta arbete är att svara på den undersökta hypotesen som går ut på att ta reda på om en förbättrad version av honungskrukan med låg interaktion kan ge mer signifikanta resultat. Genom att utvärdera den mottagna nätverkstrafiken har resultatet varit insiktsfullt och visat upp en stor förbättring jämfört med den ursprungliga versionen av honeypot. ICS-protokollen visade ett större antal interaktioner tillsammans med en ökad mängd attacker. Sammanfattningsvis är det önskvärt med en vidareutveckling av Conpot honeypot som avsevärt skulle förbättra dess prestanda och praktiska användning i den verkliga världen. ICS Honeypots Modbus SCADA Enip Conpot Bacnet FTP IPMI Network security Cyber attacks Computer and Information Sciences Data- och informationsvetenskap
16	Cyber Attack Modelling using Threat Intelligence. An investigation into the use of threat intelligence to model cyber-attacks based on elasticsearch and honeypot data analysis Al-Mohannadi, Hamad January 2019 (has links) Cyber-attacks have become an increasing threat to organisations as well as the wider public. This has led to greatly negative impacts on the economy at large and on the everyday lives of people. Every successful cyber attack on targeted devices and networks highlights the weaknesses within the defense mechanisms responsible for securing them. Gaining a thorough understanding of cyber threats beforehand is therefore essential to prevent potential attacks in the future. Numerous efforts have been made to avoid cyber-attacks and protect the valuable assets of an organisation. However, the most recent cyber-attacks have exhibited the profound levels of sophistication and intelligence of the attacker, and have shown conven- tional attack detection mechanisms to fail in several attack situations. Several researchers have highlighted this issue previously, along with the challenges faced by alternative solu- tions. There is clearly an unprecedented need for a solution that takes a proactive approach to understanding potential cyber threats in real-time situations. This thesis proposes a progressive and multi-aspect solution comprising of cyber-attack modeling for the purpose of cyber threat intelligence. The proposed model emphasises on approaches from organisations to understand and predict future cyber-attacks by collecting and analysing network events to identify attacker activity. This could then be used to understand the nature of an attack to build a threat intelligence framework. However, collecting and analysing live data from a production system can be challenging and even dangerous as it may lead the system to be more vulnerable. The solution detailed in this thesis deployed cloud-based honeypot technology, which is well-known for mimicking the real system while collecting actual data, to see network activity and help avoid potential attacks in near real-time. In this thesis, we have suggested a new threat intelligence technique by analysing attack data collected using cloud-based web services in order to identify attack artefacts and support active threat intelligence. This model was evaluated through experiments specifically designed using elastic stack technologies. The experiments were designed to assess the identification and prediction capability of the threat intelligence system for several different attack cases. The proposed cyber threat intelligence and modeling systems showed significant potential to detect future cyber-attacks in real-time. / Government of Qatar Cyber-attack Cyber-attack modelling Cyber threat intelligence Elasticsearch Honeypots Cloud services Attack awareness Object-based model
17	Self-Adaptive Honeypots Coercing and Assessing Attacker Behaviour / Paradigme de pot de miel adaptatif permettant d'étudier et d'évaluer le comportement et compétences des pirates informatiques Wagener, Gérard 22 June 2011 (has links) Les communautés de la sécurité informatique parlent de "pirates informatiques", mais en réalité, très peu est connu au sujet de leurs compétences. Durant la dernière décennie, le nombre d'attaques a augmenté de façon exponentielle et les pots de miels ont été alors introduits afin de recueillir des informations sur les attaquants. Ces pots de miel viennent en des saveurs différentes en fonction de leur potentiel d'interaction. Cette thèse abordera le paradigme des pots de miel adaptatifs pouvant changer leur comportement dans l’intention de tromper les attaquants en dévoilant le plus de renseignements possibles sur eux-mêmes. Plutôt que d'être autorisé simplement pour effectuer des attaques, les attaquants sont confrontés à des interférences stratégiques. En utilisant des critères mesurables, les compétences et les capacités de l'attaquant peuvent être évaluées par des pots de miel adaptatifs. Nous avons modélisé les interactions des attaquants. L'idée clé derrière la modélisation des interactions des attaquants élaborée dans cette thèse est d'utiliser la théorie des jeux pour définir la configuration d'un pot de miel adaptatif. Nous avons utilisé des mécanismes d'apprentissage par renforcement dans le but de trouver le meilleur comportement face à des attaquants. Un pot de miel adaptatif est capable d'adopter des stratégies comportementales au niveau de l’exécution de commandes par l'attaquant. Nos résultats expérimentaux montrent que ces stratégies dépendent des paramètres contextuels qui peuvent ainsi servir pour construire des pots de miel intelligents / Information security communities are always talking about "attackers" but in reality very little is known about their skills.In the last decade the number of attacks has increased exponentially and honeypots were introduced in order to gather information about attackers. Honeypots come in different flavors with respect to their interaction potential. Choosing the best trade-off between attacker freedom and honeypot restrictions is challenging. In this dissertation, we address the issue ofself-adaptive honeypots that can change their behavior and lure attackers into revealing as much information as possible about themselves. Rather than being allowed simply to carry out attacks, attackers are challenged by strategic interference from adaptive honeypots. The observation of the attackers' reactions is particularly interesting and, using derivedmeasurable criteria, the attacker's skills and capabilities can be assessed by the honeypot operator. We formally model the interactions of attackers with a compromised system. The key idea is to leverage game-theoretic concepts to define the configuration and reciprocal actions of high-interaction honeypots. We have also leveraged reinforcement learningmachine learning in order to arrive at the best behavior when facing attackers. Our experimental results show that behavioral strategies are dependent on contextual parameters and can serve as advanced building blocks forintelligent honeypots Sécurité des informations Pot de miel Comportement des pirates informatiques Théorie des jeux Apprentissae par renforcement Information security Honeypots Attacker behaviour Game theory Reinforcement learning 006
18	Alert correlation towards an efficient response decision support / Corrélation d’alertes : un outil plus efficace d’aide à la décision pour répondre aux intrusions Ben Mustapha, Yosra 30 April 2015 (has links) Les SIEMs (systèmes pour la Sécurité de l’Information et la Gestion des Événements) sont les cœurs des centres opérationnels de la sécurité. Ils corrèlent un nombre important d’événements en provenance de différents capteurs (anti-virus, pare-feux, systèmes de détection d’intrusion, etc), et offrent des vues synthétiques pour la gestion des menaces ainsi que des rapports de sécurité. La gestion et l’analyse de ce grand nombre d’alertes est une tâche difficile pour l’administrateur de sécurité. La corrélation d’alertes a été conçue afin de remédier à ce problème. Des solutions de corrélation ont été développées pour obtenir une vue plus concise des alertes générées et une meilleure description de l’attaque détectée. Elles permettent de réduire considérablement le volume des alertes remontées afin de soutenir l’administrateur dans le traitement de ce grand nombre d’alertes. Malheureusement, ces techniques ne prennent pas en compte les connaissances sur le comportement de l’attaquant, les fonctionnalités de l’application et le périmètre de défense du réseau supervisé (pare-feu, serveurs mandataires, Systèmes de détection d’intrusions, etc). Dans cette thèse, nous proposons deux nouvelles approches de corrélation d’alertes. La première approche que nous appelons corrélation d’alertes basée sur les pots de miel utilise des connaissances sur les attaquants recueillies par le biais des pots de miel. La deuxième approche de corrélation est basée sur une modélisation des points d’application de politique de sécurité / Security Information and Event Management (SIEM) systems provide the security analysts with a huge amount of alerts. Managing and analyzing such tremendous number of alerts is a challenging task for the security administrator. Alert correlation has been designed in order to alleviate this problem. Current alert correlation techniques provide the security administrator with a better description of the detected attack and a more concise view of the generated alerts. That way, it usually reduces the volume of alerts in order to support the administrator in tackling the amount of generated alerts. Unfortunately, none of these techniques consider neither the knowledge about the attacker’s behavior nor the enforcement functionalities and the defense perimeter of the protected network (Firewalls, Proxies, Intrusion Detection Systems, etc). It is still challenging to first improve the knowledge about the attacker and second to identify the policy enforcement mechanisms that are capable to process generated alerts. Several authors have proposed different alert correlation methods and techniques. Although these approaches support the administrator in processing the huge number of generated alerts, they remain limited since these solutions do not provide us with more information about the attackers’ behavior and the defender’s capability in reacting to detected attacks. In this dissertation, we propose two novel alert correlation approaches. The first approach, which we call honeypot-based alert correlation, is based on the use of knowledge about attackers collected through honeypots. The second approach, which we call enforcement-based alert correlation, is based on a policy enforcement and defender capabilities’ model Corrélation d'alertes Aide à la décision Pots de miels Renforcement de politique de sécurité Systèmes de détection d'intrusions Réponses aux intrusions Alert correlation Decision support Honeypots Security policy enforcement Detection systems Responses to intrusions
19	Is Microsoft a Threat to National Security? Policy, Products, Penetrations, and Honeypots Watkins, Trevor U. 11 June 2009 (has links) No description available. Computer Science Information Systems Systems Design Honeypots penetration testing national security network security Microsoft threat to national security hackers Microsoft Windows
20	Deception strategies for web application security: application-layer approaches and a testing platform Izagirre, Mikel January 2017 (has links) The popularity of the internet has made the use of web applications ubiquitous and essential to the daily lives of people, businesses and governments. Web servers and web applications are commonly used to handle tasks and data that can be critical and highly valuable, making them a very attractive target for attackers and a vector for successful attacks that are aimed at the application layer. Existing misuse and anomaly-based detection and prevention techniques fail to cope with the volume and sophistication of new attacks that are continuously appearing, which suggests that there is a need to provide new additional layers of protection. This work aims to design a new layer of defense based on deception that is employed in the context of web application-layer traffic with the purpose of detecting and preventing attacks. The proposed design is composed of five deception strategies: Deceptive Comments, Deceptive Request Parameters, Deceptive Session Cookies, Deceptive Status Codes and Deceptive JavaScript. The strategies were implemented as a software artifact and their performance evaluated in a testing environment using a custom test script, the OWASP ZAP penetration testing tool and two vulnerable web applications. Deceptive Parameter strategy obtained the best security performance results, followed by Deceptive Comments and Deceptive Status Codes. Deceptive Cookies and Deceptive JavaScript got the poorest security performance results since OWASP ZAP was unable to detect and use deceptive elements generated by these strategies. Operational performance results showed that the deception artifact could successfully be implemented and integrated with existing web applications without changing their source code and adding a low operational overhead. deception computer deception cyberdeception intrusion detection intrusion deception security cybersecurity web web applications HTTP penetration testing security testing honeypots honeytokens decoy active defense attacks web vulnerability scanners OWASP ZAP BodgeIt WAVSEP Computer Systems Datorsystem

Page generated in 0.0477 seconds