21

Honeypots in network security

Akkaya, Deniz, Thalgott, Fabien January 2010
Day by day, more and more people are using the internet all over the world. It is becoming a part of everyone's life. People are checking their e-mails, surfing the internet, purchasing goods, playing online games, paying bills on the internet, etc. However, while performing all these things, how many people know about security? Do they know the risk of being attacked or being infected by malicious software? Some malicious software is even spreading over the network to create more threats by users. How many users are aware that their computer may be used as a zombie computer to target other victim systems? As technology is growing rapidly, newer attacks are appearing. Security is a key point in getting over all these problems. In this thesis, we will make a real-life scenario using honeypots. A honeypot is a well-designed system that attracts hackers into it. By luring the hacker into the system, it is possible to monitor the processes that are started and running on the system by the hacker. In other words, a honeypot is a trap machine which looks like a real system in order to attract the attacker. The aim of the honeypot is analyzing, understanding, watching and tracking the hacker's behaviours in order to create more secure systems. A honeypot is a great way to improve network security administrators' knowledge and to learn how to get information from a victim system using forensic tools. A honeypot is also very useful for future threats, to keep track of new technology attacks.
22

Evaluation of Low-Interaction Honeypots on the University Network

Ponten, Austin January 2017
This project studies the three honeypot solutions Honeyd, Dionaea, and Kippo, evaluating the solutions themselves and observing their implementation in the university campus network. The investigation begins with an understanding of how a honeypot works and is useful as an extra security layer, followed by an implementation of the three honeypot solutions and the results obtained after a period of days. The collected data shows that the majority of malicious activity surrounded communication services, and an evaluation of the three honeypot solutions showed Honeyd as the best, with its scalability and reconfigurability.
23

Analýza síťových útoků pomocí nástroje Honeyd / Network Attack Analysis Using Honeyd Tool

Kohoutek, Jan January 2010
Network attack analysis using the Honeyd tool. Deployment testing of the open-source honeypots WinHoneyd and LaBrea. Description and solution of deployment problems connected with the operating system used. Capture of network attacks with a packet sniffer. Analysis and processing of the captured data.
24

HONEYPOT – To bee or not to bee: A study of attacks on ICS/SCADA systems.

Albinsson, Felix, Riedl, Jesper January 2021
In the past, industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems were planned to run as isolated networks and not to interconnect with other networks, e.g., the internet or other parts of a corporation's network. Because of the isolation, no cybersecurity mechanism was required. In modern society, ICS/SCADA systems have evolved to communicate over public IP networks and have been incorporated into a company's intranet or connected directly to the internet. This integration opens up threats that were not envisioned at the time when the system was created. When ICS/SCADA systems get exposed to the internet, there is a risk that vulnerabilities in the systems get exploited by a malicious force. This can lead to data loss, destruction of data and devices, damage to infrastructure, financial losses for the company, and even loss of human life. To mitigate and prevent attacks it is crucial to understand the attacks and the behaviour of the attacker. One way to achieve this is setting up a system that mimics the real system. This fake system is separated from the production network and closely monitored. The data collected can be analysed and used to gain knowledge about the attacks. This thesis will present a possible way to study attacks on an ICS/SCADA system using a honeypot designed for this purpose. To do this, a suitable honeypot had to be found that could collect relevant data regarding what kinds of attacks may be used against an ICS/SCADA system. This was achieved by experimenting with different setups, and the collected data was analysed. This led to the use of T-pot as the chosen honeypot, and the collected data showed that a lot of the traffic was directed towards the ICS/SCADA communication protocols Modbus and s7comm. To secure an ICS/SCADA system, it is important to gain knowledge about attacks and attack vectors. A honeypot can be a useful tool that provides information regarding attacks and attackers and can help in setting up a defence-in-depth strategy to improve the security in an ICS/SCADA network.
25

Honey-Pot: Systém pro detekci útoků / Honey-Pot: System for Attack Detection

Michlovský, Zbyněk January 2007
This thesis deals with the area of honeypots and honeynets. It defines their classification and contains detailed descriptions of their properties and features. It further elaborates on several freely available systems. The main focus is on the honeypot Nepenthes, which was run for one month on an unfiltered Internet connection. A detailed analysis of the collected data is then given.
26

Intrusion Detection for 0-Day Vulnerabilities

Truhan, Nathan D. 19 July 2011
No description available.
27

Cyber Threat Intelligence from Honeypot Data using Elasticsearch

Al-Mohannadi, Hamad, Awan, Irfan U., Al Hamar, J., Cullen, Andrea J., Disso, Jules P., Armitage, Lorna 18 May 2018
Cyber attacks are increasing in every aspect of daily life. There are a number of different technologies around to tackle cyber attacks, such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), firewalls, switches, routers etc., which are active round the clock. These systems generate alerts and prevent cyber attacks. This is not a straightforward solution, however, as IDSs generate a huge volume of alerts that may or may not be accurate, potentially resulting in a large number of false positives. In most cases, therefore, these alerts are too many in number to handle. In addition, it is impossible to prevent cyber attacks simply by using tools. Instead, it requires greater intelligence in order to fully understand an adversary's motive by analysing various types of Indicator of Compromise (IoC). Also, it is important for the IT employees to have enough knowledge to identify true positive attacks and act according to the incident response process. In this paper, we have proposed a new threat intelligence technique which is evaluated by analysing honeypot log data to identify the behaviour of attackers and find attack patterns. To achieve this goal, we have deployed a honeypot on an AWS cloud to collect cyber incident log data. The log data is analysed using Elasticsearch technology, namely an ELK (Elasticsearch, Logstash and Kibana) stack.
28

Less Detectable Web Scraping Techniques / Mindre Detekterbara Webbskrapningstekniker

Färholt, Fredric January 2021
Web scraping is an efficient way of gathering data, and it has also become much easier to perform and offers a high success rate. People no longer need to be tech-savvy when scraping data, since several easy-to-use platform services exist. This study conducts experiments to see if people can scrape in an undetectable fashion using a popular and intelligent JavaScript library (Puppeteer). Three web scraper algorithms, two of which use movement patterns from real-world web users, demonstrate how to retrieve information automatically from the web. They operate on a website built for this research that utilizes known semi-security mechanisms, honeypot, and activity logging, making it possible to collect and evaluate data from the algorithms and the website. The result shows that it may be possible to construct a web scraper algorithm with less detectability using Puppeteer. One of the algorithms reveals that it is possible to control computer performance using built-in methods in Puppeteer.
29

Web-based prototype for protecting controllers from existing cyber-attacks in an industrial control system / Webbaserad prototyp för att skydda styrsystem från förekommande cyberattacker i ett industriellt kontrollsystem

Sanyang, Pa January 2020
An industrial control system (ICS) is a critical part of the infrastructure in society. Examples of ICS are rail networks or energy plants such as nuclear plants. SCADA is an ICS system following a hierarchical structure. Because a control system can be very large, monitoring it remotely through networks is an effective way to do so. But because of digitalization, ICS or SCADA systems are vulnerable to cyber attacks that can hijack or intercept network traffic or deny services to legitimate users. SCADA protocols (e.g. Modbus, DNP3), which are prone to attack because they are not secure protocols, make a SCADA system even more vulnerable to attacks. The paper focuses on how to best protect the network traffic between an HMI as the client and a different controller as the server from attacks. The proposed solution, the prototype, is based on a reverse proxy server setup to protect controllers from external network traffic. Only the reverse proxy server, or gateway server, can forward a client request to the intended controller. The gateway server, a web-based solution, will be the additional security layer that encrypts the payload in the application layer using TLS version 1.2 via the HTTPS protocol, thereby protecting against the usual security threats. The prototype underwent penetration testing with MITM (based on ARP poisoning), SYN flooding, and slow HTTP POST attacks. The result indicated that the prototype was vulnerable to SYN flooding and that the network traffic was intercepted by the MITM. But by the Confidentiality-Integrity-Availability (C.I.A) criteria, the prototype did uphold integrity and confidentiality due to the TLS security and successful mitigation of certain attacks. The results and suggestions on how to improve the gateway server security were discussed, including that the testing was not comprehensive but that the result is still valuable. In conclusion, more testing in the future would most likely showcase different results, but that will only serve to better the security of the gateway server, the network that the client and gateway server run in, and the physical security of the location where the client and gateway server are located.
30

A lightweight framework to build honeytanks

Vanderavero, Nicolas 18 December 2007
As the Internet becomes a ubiquitous medium of communication, it carries more and more malicious activities like spam, worms or denial of service attacks. One solution to detect and collect such malicious traffic is to use honeypots. They are devices or pieces of information that are not part of the usual production system. Their goals are to lure the attackers into a trap to study them, divert their attention from another target or collect statistics. In this work, we propose a lightweight framework to build honeytanks, which are very efficient low-interaction honeypots. We present and evaluate techniques and algorithms to simulate the presence of a large number of hosts with various degrees of realism and scalability, from a completely stateless approach to a stateful approach able, amongst other things, to mimic the behavior of various TCP/IP stacks. Our framework is based on ASAX, a generic and lightweight data stream analyzer. We instantiate ASAX to build powerful traffic handlers. We introduce several extensions to ASAX and to RUSSEL, its programming language. These extensions allow us to develop new concurrent programming techniques to simulate hosts and protocols in a simple and modular way. We use a recently optimized version of ASAX that makes it possible to simulate tens of thousands of hosts while keeping the simulation at a high level of realism. To show the benefits of our approach, i.e., greater simplicity, flexibility, and independence of other technologies, we compare our honeytanks to Honeyd and Nepenthes, two well-known low-interaction honeypots.
