Malware Capturing and Analysis using Dionaea Honeypot

Sethia, Vasu; Jeyasekar, A

doi:10.1109/ccst.2019.8888409

Cited by 25 publications

(11 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Even though high interaction honeypots provide a more realistic environment, thus capturing more data from the attacker, they introduce more risks to the testing environment, as well as require more resources. As such, considering the operational costs for the duration of our experiments, we used the docker images of the following tools for data collection and data analysis, namely: Dionaea [ 29 ]. A low-interaction honeypot, emulates HTTP, FTP, TFTP, SMB, MSSQL and VOIP, with support for TLS and IPv6.…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

A Comparative Analysis of Honeypots on Different Cloud Platforms

Kelly

Pitropakis

Mylonas

et al. 2021

Sensors

View full text Add to dashboard Cite

In 2019, the majority of companies used at least one cloud computing service and it is expected that by the end of 2021, cloud data centres will process 94% of workloads. The financial and operational advantages of moving IT infrastructure to specialised cloud providers are clearly compelling. However, with such volumes of private and personal data being stored in cloud computing infrastructures, security concerns have risen. Motivated to monitor and analyze adversarial activities, we deploy multiple honeypots on the popular cloud providers, namely Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure, and operate them in multiple regions. Logs were collected over a period of three weeks in May 2020 and then comparatively analysed, evaluated and visualised. Our work revealed heterogeneous attackers’ activity on each cloud provider, both when one considers the volume and origin of attacks, as well as the targeted services and vulnerabilities. Our results highlight the attempt of threat actors to abuse popular services, which were widely used during the COVID-19 pandemic for remote working, such as remote desktop sharing. Furthermore, the attacks seem to exit not only from countries that are commonly found to be the source of attacks, such as China, Russia and the United States, but also from uncommon ones such as Vietnam, India and Venezuela. Our results provide insights on the adversarial activity during our experiments, which can be used to inform the Situational Awareness operations of an organisation.

show abstract

Section: Methodsmentioning

confidence: 99%

“…Dionaea [ 29 ]. A low-interaction honeypot, emulates HTTP, FTP, TFTP, SMB, MSSQL and VOIP, with support for TLS and IPv6.…”

Section: Methodsmentioning

confidence: 99%

A Comparative Analysis of Honeypots on Different Cloud Platforms

Kelly

Pitropakis

Mylonas

et al. 2021

Sensors

View full text Add to dashboard Cite

show abstract

“…Tiny Honeypot [12] is a server-based honeypot, which listens to all Transmission Control Protocol (TCP) ports, logging all interaction activities. Dionaea [13] is written in Python and emulates the MQ Telemetry Transport (MQTT) protocol. Jackpot [12] is related to Simple Mail Transfer Protocol (SMTP) and aims to combat email spam.…”

Section: A Honeypot: a Security Trapmentioning

confidence: 99%

Strategic Honeypot Deployment in Ultra-Dense Beyond 5G Networks: A Reinforcement Learning Approach

Radoglou-Grammatikis

Sarigiannidis

Diamantoulakis

et al. 2024

IEEE Trans. Emerg. Topics Comput.

View full text Add to dashboard Cite

The progression of Software Defined Networking (SDN) and the virtualisation technologies lead to the beyond 5G era, providing multiple benefits in the smart economies. However, despite the advantages, security issues still remain. In particular, SDN/NFV and cloud/edge computing are related to various security issues. Moreover, due to the wireless nature of the entities, they are prone to a wide range of cyberthreats. Therefore, the presence of appropriate intrusion detection mechanisms is critical. Although both Machine Learning (ML) and Deep Learning (DL) have optimised the typical rule-based detection systems, the use of ML and DL requires labelled pre-existing datasets. However, this kind of data varies based on the nature of the respective environment. Another smart solution for detecting intrusions is to use honeypots. A honeypot acts as a decoy with the goal to mislead the cyberatatcker and protect the real assets. In this paper, we focus on Wireless Honeypots (WHs) in ultradense networks. In particular, we introduce a strategic honeypot deployment method, using two Reinforcement Learning (RL) techniques: (a) e − Greedy and (b) Q − Learning. Both methods aim to identify the optimal number of honeypots that can be deployed for protecting the actual entities. The experimental results demonstrate the efficacy of both methods.

show abstract

“…In view of their properties and exercises, the malware is grouped. These groupings of malware and their conduct assist analysts with fostering a security system to keep an association from these sorts of destructive and pernicious exercises set off by the malware [26].…”

Section: Crypto-ransomware Approachmentioning

confidence: 99%

Ransomware: A Survey on Various Attacks and Defense Mechanisms

Gomathi¹,

Kumari²

2021

Proceedings of the First International Conference on Combinatorial and Optimization, ICCAP 2021, December 7-8 2021, Chennai, In

View full text Add to dashboard Cite

This paper examines various attacks and the techniques used in ransomware. Ransomware is a form of malicious software (malware) which make an alarm of revealing or denying access to the set of data or computer system, generally by encrypting them, waits till a ransom is paid by victim to the attacker. Ransomware attacks are all around normal nowadays. Cyber offenders attack an organization or a business or an individual those who come from all progress. Besides, a big part of the victims who pay the payment are probably going to experience the ill effects of rehash ransomware attacks, particularly in case it isn't cleaned from the framework. Ransomware was otherwise called "cryptoviral extortion," It is utilized to distinguish the weakness of the objective framework where there is the chance of malware attacks. Cryptowall-a ransomware attacker utilizes the methods ahead of time to penetrate PCs without knowing the person in question. The pernicious programming enters the PC by means of spam messages. Attackers have evolved progressively more innovative over time to time, demanding upgrades that are extremely impossible to track, which aids cybercriminals stay anonymous. In this paper, we look at the overall outline of various attacks and talked about the crypto-ware malware methodologies.

show abstract

Malware Capturing and Analysis using Dionaea Honeypot

Cited by 25 publications

References 4 publications

A Comparative Analysis of Honeypots on Different Cloud Platforms

A Comparative Analysis of Honeypots on Different Cloud Platforms

Strategic Honeypot Deployment in Ultra-Dense Beyond 5G Networks: A Reinforcement Learning Approach

Ransomware: A Survey on Various Attacks and Defense Mechanisms

Contact Info

Product

Resources

About