poster

Poster: Toward Dynamic, Session-Preserving, Transition from Low to High Interaction Honeypots

Author:

Jaime C. AcostaAuthors Info & Claims

SACMAT '22: Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies

Pages 255 - 257

https://doi.org/10.1145/3532105.3535035

Published: 08 June 2022 Publication History

Get Access

Abstract

Honeypots are technologies aimed at thwarting adversaries by instituting attractive services that are inconsequential to the legitimate objectives of a network. Low-interaction honeypots are lightweight, but provide a limited representation of real services, while high-interaction honeypots can mimic entire systems and services, but their computational costs are expensive, and are not always viable solutions, especially in constrained environments. This work is investigating the feasibility of being able to start with a low-interaction network service and then transitioning to a high-interaction service on-the-fly. During this transition, there should be no observable distinction from the perspective of a connecting client. This paper describes ongoing work that demonstrates a basic prototype with such a capability, specifically showing that a simple Netcat listener process can dynamically transition to a full NGINX server dynamically and without severing an active TCP session.

References

[1]

Jaime C Acosta, Anjon Basak, Christopher Kiekintveld, and Charles A Kamhoua. 2021. Lightweight On-demand Honeypot Deployment for Cyber Deception. In The 12th EAI International Conference on Digital Forensics & Cyber Crime (EAI ICDF2C), Singapore.

Google Scholar

[2]

Jaime C Acosta, Anjon Basak, Christopher Kiekintveld, Nandi Leslie, and Charles Kamhoua. 2020. Cybersecurity Deception Experimentation System. In 2020 IEEE Secure Development (SecDev). IEEE, 34--40.

Google Scholar

[3]

Mehmet Vefa Bicakci and Thomas Kunz. 2012. TCP-Freeze: Beneficial for virtual machine live migration with IP address change?. In 2012 8th International Wireless Communications and Mobile Computing Conference (IWCMC). IEEE, 136--141.

Crossref

Google Scholar

[4]

CRIU. Accessed: April 13, 2022. Checkpoing Restore in Userspace. https://criu.org/Main_Page.

Google Scholar

[5]

Derek DeJonghe. 2020. Nginx CookBook. O'Reilly Media.

Google Scholar

[6]

FIREEYE. 2019, Accessed: March 31, 2022. Red Team Operations (RTO). https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/pf/ms/ds-red-team-operations.pdf.

Google Scholar

[7]

Giovanni Giacobbi. 2014. "The GNU Netcat Project.". URL http://netcat.sourceforge.net (2014).

Google Scholar

[8]

Jessica Lynn Jungwirth. 2020. High-Fidelity Adaptive Deception and Emulation System (HADES) DOE PACT Virtual Showcase. Technical Report. Sandia National Lab.(SNL-NM), Albuquerque, NM (United States).

Google Scholar

[9]

R Rohith, Minal Moharir, G Shobha, et al. 2018. SCAPY-A powerful interactive packet manipulation program. In 2018 international conference on networking, embedded and wireless systems (ICNEWS). IEEE, 1--5.

Google Scholar

[10]

Franco Travostino, Paul Daspit, Leon Gommans, Chetan Jog, Cees De Laat, Joe Mambretti, Inder Monga, Bas Van Oudenaarde, Satish Raghunath, and Phil Yonghui Wang. 2006. Seamless live migration of virtual machines over the MAN/WAN. Future Generation Computer Systems 22, 8 (2006), 901--907.

Digital Library

Google Scholar

[11]

Adityas Widjajarto, Deden Witarsyah Jacob, and Muharman Lubis. 2021. Live migration using checkpoint and restore in userspace (CRIU): Usage analysis of network, memory and CPU. Bulletin of Electrical Engineering and Informatics 10, 2 (2021), 837--847.

Crossref

Google Scholar

Cited By

View all

Noman HAbu-Sharkh ONoman S(2024)Log Poisoning Attacks in IoT: Methodologies, Evasion, Detection, Mitigation, and Criticality AnalysisIEEE Access10.1109/ACCESS.2024.343838312(118295-118314)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3438383
Zhang YShi Y(2023)Constructing Dynamic Honeypot Using Machine LearningProceedings of the 8th International Conference on Cyber Security and Information Engineering10.1145/3617184.3618056(116-120)Online publication date: 28-Dec-2023
https://doi.org/10.1145/3617184.3618056

Index Terms

Poster: Toward Dynamic, Session-Preserving, Transition from Low to High Interaction Honeypots
1. Security and privacy
  1. Network security

Recommendations

Collecting Autonomous Spreading Malware Using High-Interaction Honeypots
Information and Communications Security
Abstract
Autonomous spreading malware in the form of worms or bots has become a severe threat in today’s Internet. Collecting the sample as early as possible is a necessary precondition for the further treatment of the spreading malware, e.g., to develop ...
Collecting autonomous spreading malware using high-interaction honeypots
ICICS'07: Proceedings of the 9th international conference on Information and communications security

Autonomous spreading malware in the form of worms or bots has become a severe threat in today's Internet. Collecting the sample as early as possible is a necessary precondition for the further treatment of the spreading malware, e.g., to develop ...
Heat-seeking honeypots: design and experience
WWW '11: Proceedings of the 20th international conference on World wide web

Many malicious activities on the Web today make use of compromised Web servers, because these servers often have high pageranks and provide free resources. Attackers are therefore constantly searching for vulnerable servers. In this work, we aim to ...

Comments

Information & Contributors

Information

Published In

SACMAT '22: Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies

June 2022

282 pages

ISBN:9781450393577

DOI:10.1145/3532105

General Chair:
Sven Dietrich
City University of New York
,
Program Chairs:
Omar Chowdhury
The University of Iowa
,
Daniel Takabi
Georgia State University

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 June 2022

Check for updates

Author Tags

Qualifiers

Poster

Conference

SACMAT '22

Sponsor:

SIGSAC

SACMAT '22: The 27th ACM Symposium on Access Control Models and Technologies

June 8 - 10, 2022

NY, New York, USA

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
98
Total Downloads

Downloads (Last 12 months)15
Downloads (Last 6 weeks)1

Reflects downloads up to 27 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Noman HAbu-Sharkh ONoman S(2024)Log Poisoning Attacks in IoT: Methodologies, Evasion, Detection, Mitigation, and Criticality AnalysisIEEE Access10.1109/ACCESS.2024.343838312(118295-118314)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3438383
Zhang YShi Y(2023)Constructing Dynamic Honeypot Using Machine LearningProceedings of the 8th International Conference on Cyber Security and Information Engineering10.1145/3617184.3618056(116-120)Online publication date: 28-Dec-2023
https://doi.org/10.1145/3617184.3618056

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Collecting Autonomous Spreading Malware Using High-Interaction Honeypots

Collecting autonomous spreading malware using high-interaction honeypots

Heat-seeking honeypots: design and experience

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations