File:LEARNING CYBERATTACK PATTERNS WITH ACTIVE HONEYPOTS (IA learningcyberatt1094560377).pdf

From Wikimedia Commons, the free media repository

Original file (1,275 × 1,650 pixels, file size: 3.98 MB, MIME type: application/pdf, 120 pages)

Summary

Author: Chong, Wai Hoe; Koh, Chong Khai Roger
Title: LEARNING CYBERATTACK PATTERNS WITH ACTIVE HONEYPOTS
Publisher: Monterey, CA; Naval Postgraduate School
Description

Honeypots can detect new attacks and vulnerabilities like zero-day exploits, based on an attacker’s behavior. Existing honeypots, however, are typically passive in nature and poor at detecting new and complex attacks like those carried out by state-sponsored actors. Deception is a commonly used tactic in conventional military operations, but it is rarely used in cyberspace. In this thesis, we implemented “active honeypots,” which incorporate deception into honeypot responses. In five phases of testing, we incorporated deception techniques such as fake files, defensive camouflage, delays, and false excuses into a Web honeypot built with SNARE and TANNER software, and an SSH honeypot built with Cowrie software. Our experiments sought to investigate how cyberattackers respond to the deception techniques. Our results showed that most attackers performed only vulnerability scanning and fingerprinting of our honeypots. Some appeared to be performing horizontal scanning, accessing both honeypots in the same phase. We found that the attackers were primarily non-interactive and did not respond to customized deception. We also observed that attackers who established a non-interactive session might be unable to exit the session without external intervention. Thus, we can delay to penalize these attackers. We also discovered that some attackers used unusual means of transferring files to the SSH server, and we recommend exploring how deception can be used against such techniques.


Subjects: deception; honeypot; cyberattack
Language: English
Publication date: September 2018
Current location: IA Collections: navalpostgraduateschoollibrary; fedlink
Accession number: learningcyberatt1094560377
Source: Internet Archive identifier: learningcyberatt1094560377
https://archive.org/download/learningcyberatt1094560377/learningcyberatt1094560377.pdf
Permission: Copyright is reserved by the copyright owner.

Licensing

Public domain
This work is in the public domain in the United States because it is a work prepared by an officer or employee of the United States Government as part of that person’s official duties under the terms of Title 17, Chapter 1, Section 105 of the US Code. Note: This only applies to original works of the Federal Government and not to the work of any individual U.S. state, territory, commonwealth, county, municipality, or any other subdivision. This template also does not apply to postage stamp designs published by the United States Postal Service since 1978. (See § 313.6(C)(1) of Compendium of U.S. Copyright Office Practices). It also does not apply to certain US coins; see The US Mint Terms of Use.

File history

Date/Time: current, 14:33, 22 July 2020
Dimensions: 1,275 × 1,650, 120 pages (3.98 MB)
Comment: FEDLINK - United States Federal Collection learningcyberatt1094560377 (User talk:Fæ/IA books#Fork8) (batch 1993-2020 #20676)
