An Improved Honeypot Model for Attack Detection and Analysis

Cited by: 1
Authors
Abbas-Escribano, Marwan [1, 2]
Debar, Herve [1]
Affiliations
[1] Telecom Sud Paris, Paris, France
[2] Sesame IT, Paris, France
Source
18TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY & SECURITY, ARES 2023 | 2023
DOI
10.1145/3600160.3604993
Chinese Library Classification
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
This paper presents a new model and design for honeypots, and the results obtained from the implementation and exposure on the internet of a high-interaction honeypot. We show that our model can allow higher interaction with attackers while preserving integrity and attractiveness. In our work, we use threat analysis based on the MITRE ATT&CK taxonomy to describe the design and supervision constraints of our honeypot with its situation in our implemented architecture. We exposed our infrastructure for seventeen days and collected information about several actors and attack methods, from which we extracted previously undocumented Indicators of Compromise.
Pages: 17