ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) This Network is Infected: HosTaGe - a Low-Interaction Honeypot for Mobile.

Presentation transcript:

This Network is Infected: HosTaGe - a Low-Interaction Honeypot for Mobile Devices
ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM)
Emmanouil Vasilomanolakis, Shankar Karuppayah, Mathias Fischer, Max Mühlhäuser, Mihai Plasoianu, Lars Pandikow and Wulf Pfeiffer
shankar.karuppayah@cased.de

Introduction
- Increasing number of cyber attacks
- Availability of open wireless access, e.g., airports, coffee shops
  - Many mobile devices are used
  - Malware propagation hub/medium
  - Users blindly connect to these networks
- Defense mechanism usually known to users
  - Firewall
  - Antivirus
  - Notifies AFTER being attacked
(Photos: © Jeremy Brooks, Flickr; © Daniel Duclos, Flickr; © Jeremey Keith, Flickr)

Introduction (cont.)
- What else can the users use?
- Honeypots provide an early alert system
  - Designed to be probed, attacked or compromised
  - Emulate vulnerabilities
  - Identify potential malware/attacker BEFORE an attack
  - Requires dedicated machine/hardware (not portable)
- Honeypot-to-go
  - A mobile (application) honeypot
  - Easily accessible
  - Analysis before connecting to a network
(Photo: © Calgary Reviews, Flickr)

Outline
- Requirements
- Architecture
- Proof-of-concept
- Performance analysis
- Limitations & Future work
- Conclusion

Requirements
- Honeypot: high interaction, low interaction
- Requirements:
  1. Visibility
  2. Usability
  3. Security & Containment
  4. Min. Resource Utilization
  5. Extendability & Interoperability
- Define Mobile Honeypot's definition
- HosTaGe: A low-interaction honeypot for mobile devices

Architecture
- Logger
  - SQLite database
  - JSON format
  - Text file
- Port Binder
  - Android OS security policy prevents access to port < 1024
  - Workaround needed
- HosTaGe Core
- Emulator: SMB, FTP, …
- Connection Guard
  - Max connections
  - Timeouts
- Graphical User Interface (GUI)
  - Single glance overview
  - Network security health indicator
[Architecture diagram: the requirement labels (Usability, Extendability & Interoperability, Visibility, Security & Containment, Min. Resource Utilization) annotate the components Graphical User Interface (GUI), HosTaGe Core, Emulator, Logger, Connection Guard and Port Binder; Protocol Emulation (SMB, FTP, …) serves Connection 1, Connection 2, …; the stack runs on the Dalvik VM and the Linux Kernel]
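An added sketch of how the Connection Guard, Emulator and Logger listed on the architecture slide fit together, written in Python; it is not code from the HosTaGe project. The class names, FTP reply strings, JSON field names and the loopback bind on an ephemeral port are assumptions, and the Port Binder workaround for ports below 1024 is not reproduced.

```python
import json, socket, threading, time

class ConnectionGuard:
    """Connection Guard: caps concurrent connections and sets the idle timeout."""
    def __init__(self, max_connections=4, timeout=5.0):
        self.timeout, self._slots = timeout, threading.BoundedSemaphore(max_connections)
    def acquire(self):
        return self._slots.acquire(blocking=False)  # never block the accept loop
    def release(self):
        self._slots.release()

class FtpHoneypot:
    """Emulator + Logger: answers a few FTP verbs and records every event as JSON."""
    REPLIES = {"USER": b"331 Password required\r\n", "PASS": b"530 Login incorrect\r\n",
               "QUIT": b"221 Goodbye\r\n"}  # constructed replies; no login ever succeeds
    def __init__(self, guard, host="127.0.0.1", port=0):  # port 0: any free unprivileged port
        self.guard, self.records, self._lock = guard, [], threading.Lock()
        self.sock = socket.create_server((host, port))
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()
    def _log(self, peer, event, data=""):
        rec = {"time": time.time(), "protocol": "FTP", "remote_ip": peer[0],
               "remote_port": peer[1], "event": event, "data": data}
        with self._lock:
            self.records.append(json.dumps(rec))
    def _accept_loop(self):
        while True:
            conn, peer = self.sock.accept()
            if self.guard.acquire():
                threading.Thread(target=self._handle, args=(conn, peer), daemon=True).start()
            else:  # over the limit: record the attempt, spend nothing more on it
                self._log(peer, "rejected")
                conn.close()
    def _handle(self, conn, peer):
        try:
            with conn:
                conn.settimeout(self.guard.timeout)
                self._log(peer, "connect")
                conn.sendall(b"220 FTP server ready\r\n")
                # an empty read (peer closed) or a blank line ends the session
                while line := conn.recv(512).decode("latin-1").strip():
                    self._log(peer, "command", line)
                    verb = line.split()[0].upper()
                    conn.sendall(self.REPLIES.get(verb, b"502 Command not implemented\r\n"))
                    if verb == "QUIT":
                        break
        except OSError as exc:  # socket.timeout is an OSError subclass
            self._log(peer, "timeout" if isinstance(exc, socket.timeout) else "error")
        finally:
            self.guard.release()  # free the slot for the next connection
```

Each entry in `records` is one JSON line, so the same records can be appended to a text file or loaded into a database table without a second format.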

Proof-of-concept
- Isolated testbed
  - 3x Computers
  - 1x HosTaGe
  - 1x Wireless access point

Proof-of-concept (cont.)

Performance Analysis (cont.)
- Resource Utilization
  - Automated attacks: 0-5 connections/30s
  - 60 minutes
  - Measured using PowerTutor [1]
- Other applications measured:
  - WhatsApp
  - Facebook
  - AVG Free Antivirus
- HosTaGe Under Stress

Limitations & Future Work
- Requirement of a rooted device, i.e., access to ports < 1024
- Malware specific behaviors:
  - Influence detection efficiency, i.e., time required before detection
- Future Work
  - Extending protocol(s)
  - Call Home feature
  - Geographical location attack mapping
  - Enhancing HosTaGe, e.g., anti-fingerprinting
- Malware behavior: doesn't affect if it's a malicious user conducting a scan and then an attack

Conclusion
- Proposed the idea of Honeypot-to-go
- HosTaGe, first low-interaction honeypot for mobile devices
- Showed the feasibility of such a system
- Tool to boost security awareness
- On-the-go security analysis for network administrators

Shankar Karuppayah, Doctoral Researcher
CASED, Mornewegstr. 32, 64293 Darmstadt/Germany
shankar.karuppayah@cased.de
Phone +49 6151 16-3983, Fax +49 6151 16-3052
www.cased.de

HosTaGe available at: http://www.tk.informatik.tu-darmstadt.de/de/research/secure-smart-infrastructures/hostage/

References
[1] M. Gordon, L. Zhang, B. Tiwana, R. Dick, Z. M. Mao, and L. Yang. "PowerTutor: A power monitor for android-based mobile platforms". http://ziyang.eecs.umich.edu/projects/powertutor/, 2013.
[2] C. Mulliner, S. Liebergeld, and M. Lange. "Poster: HoneyDroid - Creating a Smartphone Honeypot". In IEEE Symposium on Security and Privacy (S&P), 2011.
[3] M. Wählisch, T. C. Schmidt, A. Vorbach, C. Keil, J. Schönfelder, and J. Schiller. "Design, Implementation, and Operation of a Mobile Honeypot". Technical report, 2013.
[4] M. Wählisch, S. Trapp, C. Keil, J. Schönfelder, T. C. Schmidt, and J. Schiller. "First Insights from a Mobile Honeypot". In ACM SIGCOMM conference on Applications, technologies, architectures, and protocols for computer communication, pages 305–306. ACM, 2012.
[5] S. Antonatos, E. P. Markatos, and K. G. Anagnostakis. "Honey@home: A New Approach to Large-Scale Threat Monitoring". In ACM workshop on Recurring malcode, pages 38–45. ACM, 2007.