Related papers: Salty Seagull: A VSAT Honeynet to Follow the Bread Crumb of Attacks in Ship Networks

Salty Seagull: A VSAT Honeynet to Follow the Bread Crumb of Attacks in Ship Networks

URL: http://arxiv.org/abs/2508.11325v1
Date: Fri, 15 Aug 2025 08:51:25 GMT
Title: Salty Seagull: A VSAT Honeynet to Follow the Bread Crumb of Attacks in Ship Networks
Authors: Georgios Michail Makrakis, Jeroen Pijpker, Remco Hassing, Rob Loves, Stephen McCombie,
Abstract summary: We present Salty Seagull, a honeynet conceived to simulate a VSAT system for ships.<n>Based on existing vulnerabilities, we purposefully integrate them into our system to increase attacker engagement.<n>Results show that while numerous generic attacks have been attempted, only one curious attacker with knowledge of the nature of the system managed to access it.
Score: 0.0
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Cyber threats against the maritime industry have increased notably in recent years, highlighting the need for innovative cybersecurity approaches. Ships, as critical assets, possess highly specialized and interconnected network infrastructures, where their legacy systems and operational constraints further exacerbate their vulnerability to cyberattacks. To better understand this evolving threat landscape, we propose the use of cyber-deception techniques and in particular honeynets, as a means to gather valuable insights into ongoing attack campaigns targeting the maritime sector. In this paper we present Salty Seagull, a honeynet conceived to simulate a VSAT system for ships. This environment mimics the operations of a functional VSAT system onboard and, at the same time, enables a user to interact with it through a Web dashboard and a CLI environment. Furthermore, based on existing vulnerabilities, we purposefully integrate them into our system to increase attacker engagement. We exposed our honeynet for 30 days to the Internet to assess its capability and measured the received interaction. Results show that while numerous generic attacks have been attempted, only one curious attacker with knowledge of the nature of the system and its vulnerabilities managed to access it, without however exploring its full potential.

Related papers

Cuckoo Attack: Stealthy and Persistent Attacks Against AI-IDE [64.47951172662745]
Cuckoo Attack is a novel attack that achieves stealthy and persistent command execution by embedding malicious payloads into configuration files.<n>We formalize our attack paradigm into two stages, including initial infection and persistence.<n>We contribute seven actionable checkpoints for vendors to evaluate their product security.
arXiv Detail & Related papers (2025-09-19T04:10:52Z)
A Sea of Cyber Threats: Maritime Cybersecurity from the Perspective of Mariners [11.0069835329933]
Maritime systems, including ships and ports, are critical components of global infrastructure.<n>Recent attacks disrupting Maersk, one of the world's largest shipping companies, caused widespread impacts on international trade.<n>Despite the sector's importance, maritime cybersecurity remains underexplored, leaving significant gaps in understanding its challenges and risks.
arXiv Detail & Related papers (2025-06-18T19:45:35Z)
CyFence: Securing Cyber-Physical Controllers via Trusted Execution Environment [45.86654759872101]
Cyber-physical systems (CPSs) have experienced a significant technological evolution and increased connectivity, at the cost of greater exposure to cyber-attacks.<n>We propose CyFence, a novel architecture that improves the resilience of closed-loop control systems against cyber-attacks by adding a semantic check.<n>We evaluate CyFence considering a real-world application, consisting of an active braking digital controller, demonstrating that it can mitigate different types of attacks with a negligible overhead.
arXiv Detail & Related papers (2025-06-12T12:22:45Z)
Modern DDoS Threats and Countermeasures: Insights into Emerging Attacks and Detection Strategies [49.57278643040602]
Distributed Denial of Service (DDoS) attacks persist as significant threats to online services and infrastructure.<n>This paper offers a comprehensive survey of emerging DDoS attacks and detection strategies over the past decade.
arXiv Detail & Related papers (2025-02-27T11:22:25Z)
Countering Autonomous Cyber Threats [40.00865970939829]
Foundation Models present dual-use concerns broadly and within the cyber domain specifically. Recent research has shown the potential for these advanced models to inform or independently execute offensive cyberspace operations. This work evaluates several state-of-the-art FMs on their ability to compromise machines in an isolated network and investigates defensive mechanisms to defeat such AI-powered attacks.
arXiv Detail & Related papers (2024-10-23T22:46:44Z)
Toward Mixture-of-Experts Enabled Trustworthy Semantic Communication for 6G Networks [82.3753728955968]
We introduce a novel Mixture-of-Experts (MoE)-based SemCom system. This system comprises a gating network and multiple experts, each specializing in different security challenges. The gating network adaptively selects suitable experts to counter heterogeneous attacks based on user-defined security requirements. A case study in vehicular networks demonstrates the efficacy of the MoE-based SemCom system.
arXiv Detail & Related papers (2024-09-24T03:17:51Z)
Maritime Cybersecurity: A Comprehensive Review [8.406766604243163]
Maritime cybersecurity refers to the protection of computer systems and digital assests within the maritime industry. In this survey, we aim to identify the significant domains of maritime cybersecurity and measure their effectiveness. A multi-dimensional taxonomy of maritime cyber attacks is presented, offering insights into threat actors, motivations, and impacts. We have evaluated various security solutions, from integrated solutions to component specific solutions.
arXiv Detail & Related papers (2024-09-09T07:30:48Z)
TwinPot: Digital Twin-assisted Honeypot for Cyber-Secure Smart Seaports [13.49717874638757]
Digital Twin (DT) technology can be employed to increase the complexity and simulation fidelity of the honeypots. We propose a DT-assisted honeypot, called TwinPot, for external attacks in smart seaports. We show that our solution successfully detects internal and external attacks.
arXiv Detail & Related papers (2023-10-19T16:35:28Z)
Security Orchestration, Automation, and Response Engine for Deployment of Behavioural Honeypots [0.0]
Security Orchestration, Automation, and Response (SOAR) Engine dynamically deploys custom honeypots inside the internal network infrastructure based on the attacker's behavior. The presence of botnet traffic and DDOS attacks on the honeypots in the network is detected, along with a malware collection system.
arXiv Detail & Related papers (2022-01-14T07:57:12Z)
Fixed Points in Cyber Space: Rethinking Optimal Evasion Attacks in the Age of AI-NIDS [70.60975663021952]
We study blackbox adversarial attacks on network classifiers. We argue that attacker-defender fixed points are themselves general-sum games with complex phase transitions. We show that a continual learning approach is required to study attacker-defender dynamics.
arXiv Detail & Related papers (2021-11-23T23:42:16Z)
TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack [46.79557381882643]
We present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack. Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets. TANTRA achieves an average success rate of 99.99% in network intrusion detection system evasion.
arXiv Detail & Related papers (2021-03-10T19:03:38Z)
Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain [58.30296637276011]
This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques. It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
arXiv Detail & Related papers (2020-07-05T18:22:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.