Adversarial fingerprinting of cyber attacks based on stateful honeypots / Cantelli-Forti, A.; Colajanni, M. - (2018), pp. 19-24. (Paper presented at the 2018 International Conference on Computational Science and Computational Intelligence, CSCI 2018, held in the USA in 2018) [10.1109/CSCI46756.2018.00012].

Adversarial fingerprinting of cyber attacks based on stateful honeypots

Colajanni M.
2018

Abstract

The cyber defenses of Critical Infrastructures require early detection of new threats and attacks. This includes defensive systems that are able to learn from novel attacks and to detect 0-day vulnerabilities as early as possible. Honeypots are not defensive systems based on prevention, but they still represent an effective way to gather information about attacks from the source. Nevertheless, most existing solutions operate in a stateless way. As a consequence, they are easily identified by expert attackers, and they are unable to track the progress of individual attacks in large applications. We propose a novel approach that enables a so-called stateful honeypot. The idea comes from the observation that a typical cyber attack on a Critical Infrastructure is carried out through multiple attempts and intrusions. Hence the main goal is to fingerprint each attacker by observing and registering his adopted methods, tools and actions. Once identified, the adversary is redirected to his specific environment, which preserves the history of his previous operations, including the installation of rootkits or backdoors. The proposed solution paves the way to a more effective generation of honeypots, which are necessary to face the increased complexity of cyber attacks.
Use this identifier to cite or link to this document: https://hdl.handle.net/11380/1200674