ABSTRACT
As organization infrastructure grows more complex to support the business, monitoring that infrastructure for emerging cyber security threats becomes essential. A honeypot, a decoy system, when properly deployed in the organization's network, provides valuable insight into attacker behavior toward the organization. In this research, we propose a generic framework to analyze and categorize threats collected from honeypots. These threat categories become the building blocks of threat intelligence that can be shared and used by security analysts in handling security incidents.
XT-Pot: eXposing Threat Category of Honeypot-based attacks