  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

Detecting Drive-by Download Based on Reputation System

Huang, Jhe-Jhun 10 January 2012
Drive-by download is a kind of network attack that uses various techniques to plant malicious code on users' computers. It renders traditional intrusion detection systems and firewalls ineffective because those devices cannot detect web-based threats. The crawler-based approach has been proposed by many studies to discover drive-by download sites. However, the crawler-based approach cannot simulate real user web-browsing behavior when a drive-by download attack happens. Therefore, this study proposes a new approach to detect drive-by downloads by sniffing HTTP flows. This study uses a reputation system to improve the efficiency of client honeypots, and adjusts client honeypots to process the raw data of HTTP flows. In an experiment conducted in a real network environment, this study shows that the performance of a single client honeypot could reach an average of 560,000 successful HTTP access log entries per day. Even at peak traffic, this mechanism reduced the processing time to 22 hours, and detected drive-by download sites that users were actually browsing. The reputation system in this study is applicable to a variety of domain names because it does not refer to an online WHOIS database. It establishes a machine-learning classification model based on 12 features. The correct classification rate of the reputation system applied in this study is 90.9%. Compared with other reputation system studies, this study extracts features not only from DNS A-Type but also from DNS NS-Type. The experiment results show that the Error Rate of the new features from DNS NS-Type is only 19.03%.
12

Contributions of honeyports to network security

Pepakayala, Sagar January 2007
A honeypot is an attractive computer target placed inside a network to lure the attackers into it. There are many advantages of this technology, like, information about attacker's tools and techniques can be fingerprinted, malicious traffic can be diverted away from the real target etc. With the increased activity from the blackhat community day by day, honeypots could be an effective weapon in the network security administrator's armor. They have been studied rigorously during the past few years as a part of the security industry's drive to combat malicious traffic. While the whitehats are trying to make honeypots stealthier, blackhats are coming up with techniques to identify them (therefore nullifying any further use) or worse, use them in their favor. The game is on. The goal of this thesis is to study different architectural issues regarding honeypot deployment, various stages in utilizing honeypots like forensic analysis etc. Other concepts like IDSs and firewalls which are used in conjunction with honeypots are also discussed, because security is about cooperation among different security components. In the security industry, it is customary for whitehats to watch what blackhats are doing and vice versa. So the thesis discusses recent techniques to defeat honeypots and risks involved in deploying honeypots. Commercial viability of honeypots and business cases for outsourcing honeypot maintenance are presented. A great interest from the security community about honeypots has propelled the research and resulted in various new and innovative applications of honeypots. Some of these applications, which made an impact, are discussed. Finally, future directions in research in honeypot technology are perused.
13

Strengthening MT6D Defenses with Darknet and Honeypot capabilities

Basam, Dileep Kumar 09 December 2015
With the ever increasing adoption of IPv6, there has been a growing concern for security and privacy of IPv6 networks. Mechanisms like the Moving Target IPv6 Defense (MT6D) leverage the immense address space available with the new 128-bit addressing scheme to improve security and privacy of IPv6 networks. MT6D allows participating hosts to hop onto new addresses, that are cryptographically computed, without any disruption to ongoing conversations. However, there is no feedback mechanism in the current MT6D implementation to substantiate the core strength of the scheme i.e., to find an attacker attempting to discover and target any MT6D addresses. This thesis proposes a method to monitor the intruder activity targeting the relinquished addresses to extract information for reinforcing the defenses of the MT6D scheme. Our solution identifies and acquires IPv6 addresses that are being discarded by MT6D hosts on a local network, in addition to monitoring and visualizing the incoming traffic on these addresses. This is essentially equivalent to forming a darknet out of the discarded MT6D addresses. The solution's architecture also includes an ability to deploy a virtual (LXC-based) honeypot on-demand, based on any interesting traffic pattern observed on a discarded address. With this solution in place, we can become cognizant of an attacker trailing an MT6D-host along the address changes, as well as understanding the composition of attack traffic hitting the discarded MT6D addresses. With the honeypot deployment capabilities, the solution can take the conversation forward with the attacker to collect more information on attacker methods and delay further tracking attempts. The solution architecture also allows an MT6D host to query the solution database for network activity on its relinquished addresses as a JavaScript Object Notation (JSON) object. 
This feature allows the MT6D host to identify any suspicious activity on its discarded addresses and strengthen the MT6D scheme parameters accordingly. We have built a proof-of-concept for the proposed solution and analyzed the solution's feasibility and scalability. / Master of Science
14

Análise de dados de bases de honeypots: estatística descritiva e regras de IDS / Analysis of Honeypot Database Data: Descriptive Statistics and IDS Rules

Ferreira, Pedro Henrique Matheus da Costa 04 March 2015
Fundação de Amparo a Pesquisa do Estado de São Paulo / A honeypot is a computer security system dedicated to being probed, attacked or compromised. The information collected helps in the identification of threats to computer network assets. When probed, attacked and compromised, the honeypot receives a sequence of commands that are mainly intended to exploit a vulnerability of the emulated systems. This work uses data collected by honeypots to create rules and signatures for intrusion detection systems. The rules are extracted from decision trees constructed from the data sets of real honeypots. The results of experiments performed with four databases, two public and two private, showed that the extraction of rules for an intrusion detection system is possible using data mining techniques, particularly decision trees. The technique pointed out similarities between the data sets, even though the collection occurred in different places and time periods. In addition to the rules obtained, the technique allows the analyst to identify problems quickly and visually, facilitating the analysis process.
15

HoneypotLabsac: um Framework de Honeypot Virtual para o Android / HoneypotLabsac: a Framework of Virtual Honeypot for Android

OLIVEIRA, Vladimir Bezerra de 26 June 2012
FUNDAÇÃO DE AMPARO À PESQUISA DO ESTADO DO PIAUÍ / Mobile devices such as smartphones have become indispensable nowadays, due to their increased processing power, more room for data storage, batteries with greater time autonomy, and connection to wireless networks and 3G networks. The Android Operating System is a complete platform for mobile devices, principally smartphones, developed by Google in 2008. It is gaining an increasingly large share of the global market due to its open-source code. Attacks on mobile phones are not a recent practice: the first virtual virus, called Cabir, was developed in 2004 and targeted only the Symbian operating system. Studies show great evolution of digital attacks on the Android operating system. Honeypots (tools that have many features and whose main purpose is to deceive the attacker) can be quite useful in the context of network security. They make the attacker think that he is actually interacting with an operating system, but in fact the attacker is being monitored. Therefore, the present thesis aims to develop a framework to generate a virtual honeypot at the application level for the Android operating system. The methodological procedure for the preparation of this work was bibliographic research (articles, dissertations and specific literature). In this work, we show that the attacker can be monitored on mobile devices through a honeypot generated by the framework developed here, in order to be used as a tool in network security based on deception. From our experience in this study, we report some recommendations essential for improving and expanding this work, such as more visibility for the honeypot and extension to other mobile operating systems.
16

Survival Time : A Survey on the Current Survival Time for an Unprotected Public System

Rosenberg, Magdalena January 2013
Survival Time, what exactly does the term imply and what is the best method to measure it? Several experts within the field of Internet security have used the term; some have gone further and presented statistical facts on the survival time throughout the years. This bachelor thesis aims to present a universal definition of the term and further on measure the current survival time for a given unprotected system. By the deployment of a decoy, data will be captured and collected through port monitoring. The main focus will lie on building a time curve presenting the estimated time for an unprotected public system to get detected on the Internet and the elapsed time hence the system gets attacked.
17

Dynamická analýza malware s cílem získávání indikátorů kompromitace a jejich následném využití / Dynamic Malware Analysis Aimed at Obtaining Indicators of Compromise and Their Subsequent Use

KUNC, Martin January 2019
This master thesis focuses on collecting network indicators of compromise gathered by using dynamic malware analysis in a real environment. It considers possible approaches to such collection, and the most suitable solution is selected. The gathered indicators of compromise are thoroughly analyzed and utilized for improving the cyber-security of the Czech Republic.
18

Client-side threats and a honeyclient-based defense mechanism, Honeyscout

Clementson, Christian January 2009
Client-side computers connected to the Internet today are exposed to a lot of malicious activity. Browsing the web can easily result in malware infection even if the user only visits well-known and trusted sites. Attackers use website vulnerabilities and ad-networks to expose their malicious code to a large user base. The continuing trend of the attackers seems to be botnet construction that collects large amounts of data, which could be a serious threat to company secrets and personal integrity. Meanwhile, security researchers are using a technology known as honeypots/honeyclients to find and analyze new malware. This thesis takes the concept of honeyclients and combines it with a proxy and database software to construct a new kind of real-time defense mechanism usable in live environments. The concept is given the name Honeyscout and it analyzes any content before it reaches the user by using visited sites as a starting point for further crawling, blacklisting any malicious content found. A proof-of-concept honeyscout has been developed using the honeyclient Monkey-Spider by Ali Ikinci as a base. Results from the evaluation show that the concept has potential as an effective and user-friendly defense technology. There are however large needs to further optimize and speed up the crawling process.
19

Forensic framework for honeypot analysis

Fairbanks, Kevin D. 05 April 2010
The objective of this research is to evaluate and develop new forensic techniques for use in honeynet environments, in an effort to address areas where anti-forensic techniques defeat current forensic methods. The fields of Computer and Network Security have expanded with time to become inclusive of many complex ideas and algorithms. With ease, a student of these fields can fall into the thought pattern of preventive measures as the only major thrust of the topics. It is equally important to be able to determine the cause of a security breach. Thus, the field of Computer Forensics has grown. In this field, there exist toolkits and methods that are used to forensically analyze production and honeypot systems. To counter the toolkits, anti-forensic techniques have been developed. Honeypots and production systems have several intrinsic differences. These differences can be exploited to produce honeypot data sources that are not currently available from production systems. This research seeks to examine possible honeypot data sources and cultivate novel methods to combat anti-forensic techniques. In this document, three parts of a forensic framework are presented which were developed specifically for honeypot and honeynet environments. The first, TimeKeeper, is an inode preservation methodology which utilizes the Ext3 journal. This is followed with an examination of dentry logging which is primarily used to map inode numbers to filenames in Ext3. The final component presented is the initial research behind a toolkit for the examination of the recently deployed Ext4 file system. Each respective chapter includes the necessary background information and an examination of related work as well as the architecture, design, conceptual prototyping, and results from testing each major framework component.
20

Combating Threats to the Quality of Information in Social Systems

Lee, Kyumin 16 December 2013
Many large-scale social systems such as Web-based social networks, online social media sites and Web-scale crowdsourcing systems have been growing rapidly, enabling millions of human participants to generate, share and consume content on a massive scale. This reliance on users can lead to many positive effects, including large-scale growth in the size and content in the community, bottom-up discovery of “citizen-experts”, serendipitous discovery of new resources beyond the scope of the system designers, and new social-based information search and retrieval algorithms. But the relative openness and reliance on users coupled with the widespread interest and growth of these social systems carries risks and raises growing concerns over the quality of information in these systems. In this dissertation research, we focus on countering threats to the quality of information in self-managing social systems. Concretely, we identify three classes of threats to these systems: (i) content pollution by social spammers, (ii) coordinated campaigns for strategic manipulation, and (iii) threats to collective attention. To combat these threats, we propose three inter-related methods for detecting evidence of these threats, mitigating their impact, and improving the quality of information in social systems. We augment this three-fold defense with an exploration of their origins in “crowdturfing” – a sinister counterpart to the enormous positive opportunities of crowdsourcing. In particular, this dissertation research makes four unique contributions:
• The first contribution of this dissertation research is a framework for detecting and filtering social spammers and content polluters in social systems. To detect and filter individual social spammers and content polluters, we propose and evaluate a novel social honeypot-based approach.
• Second, we present a set of methods and algorithms for detecting coordinated campaigns in large-scale social systems. We propose and evaluate a content-driven framework for effectively linking free text posts with common “talking points” and extracting campaigns from large-scale social systems.
• Third, we present a dual study of the robustness of social systems to collective attention threats through both a data-driven modeling approach and deployment over a real system trace. We evaluate the effectiveness of countermeasures deployed based on the first moments of a bursting phenomenon in a real system.
• Finally, we study the underlying ecosystem of crowdturfing for engaging in each of the three threat types. We present a framework for “pulling back the curtain” on crowdturfers to reveal their underlying ecosystem on both crowdsourcing sites and social media.
