اشترك بالحزمة الذهبية واحصل على وصول غير محدود شمرا أكاديميا
تسجيل مستخدم جديدLessons Learned from the deployment of a high-interaction honeypot
200
0
0.0
(
0
)
تأليف
Eric Alata
اسأل ChatGPT حول البحث
ﻻ يوجد ملخص باللغة العربية
This paper presents an experimental study and the lessons learned from the observation of the attackers when logged on a compromised machine. The results are based on a six months period during which a controlled experiment has been run with a high interaction honeypot. We correlate our findings with those obtained with a worldwide distributed system of lowinteraction honeypots.
قيم البحث
اقرأ أيضاً
We study the temporal dynamics of potentially harmful apps (PHAs) on Android by leveraging 8.8M daily on-device detections collected among 11.7M customers of a popular mobile security product between 2019 and 2020. We show that the current security m
odel of Android, which limits security products to run as regular apps and prevents them from automatically removing malicious apps opens a significant window of opportunity for attackers. Such apps warn users about the newly discovered threats, but users do not promptly act on this information, allowing PHAs to persist on their device for an average of 24 days after they are detected. We also find that while app markets remove PHAs after these become known, there is a significant delay between when PHAs are identified and when they are removed: PHAs persist on Google Play for 77 days on average and 34 days on third party marketplaces. Finally, we find evidence of PHAs migrating to other marketplaces after being removed on the original one. This paper provides an unprecedented view of the Android PHA landscape, showing that current defenses against PHAs on Android are not as effective as commonly thought, and identifying multiple research directions that the security community should pursue, from orchestrating more effective PHA takedowns to devising better alerts for mobile security products.
Mobile nodes, in particular smartphones are one of the most relevant devices in the current Internet in terms of quantity and economic impact. There is the common believe that those devices are of special interest for attackers due to their limited r
esources and the serious data they store. On the other hand, the mobile regime is a very lively network environment, which misses the (limited) ground truth we have in commonly connected Internet nodes. In this paper we argue for a simple long-term measurement infrastructure that allows for (1) the analysis of unsolicited traffic to and from mobile devices and (2) fair comparison with wired Internet access. We introduce the design and implementation of a mobile honeypot, which is deployed on standard hardware for more than 1.5 years. Two independent groups developed the same concept for the system. We also present preliminary measurement results.
Honeypots are a deceptive technology used to capture malicious activity. The technology is useful for studying attacker behavior, tools, and techniques but can be difficult to implement and maintain. Historically, a lack of measures of effectiveness
prevented researchers from assessing honeypot implementations. The consequence being ineffective implementations leading to poor performance, flawed imitation of legitimate services, and premature discovery by attackers. Previously, we developed a taxonomy for measures of effectiveness in dynamic honeypot implementations. The measures quantify a dynamic honeypots effectiveness in fingerprinting its environment, capturing valid data from adversaries, deceiving adversaries, and intelligently monitoring itself and its surroundings. As a step towards developing automated effectiveness testing, this work introduces a tool for priming a target honeypot for evaluation. We outline the design of the tool and provide results in the form of quantitative calibration data.
Astronomy is changing. Large projects, large collaborations, and large budgets are becoming the norm. The Sloan Digital Sky Survey (SDSS) is one example of this new astronomy, and in operating the original survey, we put in place and learned many val
uable operating principles. Scientists sometimes have the tendency to invent everything themselves but when budgets are large, deadlines are many, and both are tight, learning from others and applying it appropriately can make the difference between success and failure. We offer here our experiences well as our thoughts, opinions, and beliefs on what we learned in operating the SDSS.
We report on the initial phase of an ongoing, multi-stage investigation of how to incorporate Virtual Reality (VR) technology in teaching introductory astronomy concepts. Our goal was to compare the efficacy of VR vs. conventional teaching methods us
ing one specific topic, Moon phases and eclipses. After teaching this topic to an ASTRO 101 lecture class, students were placed into three groups to experience one of three additional activities: supplemental lecture, hands-on activity, or VR experience. All students were tested before and after their learning activity. Although preliminary, our results can serve as a useful guide to expanding the role of VR in the astronomy classroom.
سجل دخول لتتمكن من نشر تعليقات
التعليقات
جاري جلب التعليقات
سجل دخول لتتمكن من متابعة معايير البحث التي قمت باختيارها
