Security Orchestration, Automation, and Response Engine for Deployment
of Behavioural Honeypots
- URL: http://arxiv.org/abs/2201.05326v1
- Date: Fri, 14 Jan 2022 07:57:12 GMT
- Title: Security Orchestration, Automation, and Response Engine for Deployment of Behavioural Honeypots
- Authors: Upendra Bartwal, Subhasis Mukhopadhyay, Rohit Negi, Sandeep Shukla
- Abstract summary: Security Orchestration, Automation, and Response (SOAR) Engine dynamically deploys custom honeypots inside the internal network infrastructure based on the attacker's behavior.
The presence of botnet traffic and DDOS attacks on the honeypots in the network is detected, along with a malware collection system.
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Cyber security is a critical topic for organizations with IT/OT networks, as they are always susceptible to attack, whether from insiders or outsiders. Since the cyber landscape is ever-evolving, organizations must keep upgrading their security systems to strengthen the security of their infrastructure. Tools like Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), Threat Intelligence Platform (TIP), and Information Technology Service Management (ITSM), along with other defensive techniques like Intrusion Detection System (IDS), Intrusion Protection System (IPS), and many others, improve the cyber security posture of the infrastructure. However, these protection mechanisms have their limitations: they are insufficient to guarantee security, and attackers still penetrate the network. Deception technology, including honeypots, presents attackers with a false sense of vulnerability in the target systems, and a deceived attacker reveals threat intelligence about their modus operandi. We have developed a Security Orchestration, Automation, and Response (SOAR) Engine that dynamically deploys custom honeypots inside the internal network infrastructure based on the attacker's behavior. The architecture is robust enough to support multiple VLANs connected to the system and used for orchestration. The presence of botnet traffic and DDOS attacks on the honeypots in the network is detected, and a malware collection system is included. After being exposed to live traffic for four days, our engine dynamically orchestrated the honeypots 40 times, detected 7823 attacks, 965 DDOS attack packets, and three malicious samples. While our experiments with static honeypots show an average attacker engagement time of 102 seconds per instance, our SOAR Engine-based dynamic honeypots engage attackers for an average of 3148 seconds.
Related papers
- Toward Mixture-of-Experts Enabled Trustworthy Semantic Communication for 6G Networks (arXiv, 2024-09-24)
  We introduce a novel Mixture-of-Experts (MoE)-based SemCom system. This system comprises a gating network and multiple experts, each specializing in different security challenges. The gating network adaptively selects suitable experts to counter heterogeneous attacks based on user-defined security requirements. A case study in vehicular networks demonstrates the efficacy of the MoE-based SemCom system.
- Security Testbed for Preempting Attacks against Supercomputing Infrastructure (arXiv, 2024-09-15)
  This paper describes a security testbed embedded in live traffic of a supercomputer at the National Center for Supercomputing Applications. The objective is to demonstrate attack preemption, i.e., stopping system compromise and data breaches at petascale supercomputers.
- TwinPot: Digital Twin-assisted Honeypot for Cyber-Secure Smart Seaports (arXiv, 2023-10-19)
  Digital Twin (DT) technology can be employed to increase the complexity and simulation fidelity of honeypots. We propose a DT-assisted honeypot, called TwinPot, for external attacks in smart seaports. We show that our solution successfully detects internal and external attacks.
- When Authentication Is Not Enough: On the Security of Behavioral-Based Driver Authentication Systems (arXiv, 2023-06-09)
  We develop two lightweight driver authentication systems based on Random Forest and Recurrent Neural Network architectures. We are the first to propose attacks against these systems by developing two novel evasion attacks, SMARTCAN and GANCAN. Through our contributions, we aid practitioners in safely adopting these systems, help reduce car thefts, and enhance driver security.
- Honeypot Implementation in a Cloud Environment (arXiv, 2023-01-02)
  This thesis presents a honeypot solution to investigate malicious activities in heiCLOUD. To detect attackers in restricted network zones at Heidelberg University, a new concept to discover leaks in the firewall will be created. A customized OpenSSH server that works as an intermediary instance will be presented.
- Synthesis of Adversarial DDOS Attacks Using Tabular Generative Adversarial Networks (arXiv, 2022-12-14)
  New types of attacks stand out as the technology of attacks keeps evolving. One of these is the class of attacks based on Generative Adversarial Networks (GAN), which can evade machine learning IDS, leaving them vulnerable. This project investigates the impact on the IDS of adversarial attacks synthesized from real DDoS attacks using GANs.
- Looking Beyond IoCs: Automatically Extracting Attack Patterns from External CTI (arXiv, 2022-11-01)
  LADDER is a framework that can extract text-based attack patterns from cyberthreat intelligence reports at scale. We present several use cases to demonstrate the application of LADDER in real-world scenarios.
- Few-Shot Backdoor Attacks on Visual Object Tracking (arXiv, 2022-01-31)
  Visual object tracking (VOT) has been widely adopted in mission-critical applications, such as autonomous driving and intelligent surveillance systems. We show that an adversary can easily implant hidden backdoors into VOT models by tampering with the training process. We show that our attack is resistant to potential defenses, highlighting the vulnerability of VOT models to potential backdoor attacks.
- Fixed Points in Cyber Space: Rethinking Optimal Evasion Attacks in the Age of AI-NIDS (arXiv, 2021-11-23)
  We study blackbox adversarial attacks on network classifiers. We argue that attacker-defender fixed points are themselves general-sum games with complex phase transitions. We show that a continual learning approach is required to study attacker-defender dynamics.
- TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack (arXiv, 2021-03-10)
  We present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack. Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets. TANTRA achieves an average success rate of 99.99% in network intrusion detection system evasion.
- Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain (arXiv, 2020-07-05)
  This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques. It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
This list is automatically generated from the titles and abstracts of the papers in this site.