An IoT Honeypot Device for Malware Forensics


An IoT Honeypot Device for Malware Forensics
Jingyu YANG @ Tencent Anti-Virus Lab
Fan DANG @ Tsinghua University
2017.12.08

About Speakers
- Jingyu YANG, Tencent Anti-Virus Lab: HaboMalHunter, malware analysis, IoT security research
- Fan DANG, Tsinghua University: NFC & IoT security research

Outline
- Introduction
- Architecture
- Implementation
- Case Study
- Conclusion

Introduction
- High interaction vs. low interaction
- Traditional honeypots vs. IoT honeypots
- Challenges in the IoT environment

Interaction
Why does interaction matter?
- It measures the capability of a honeypot
- More interaction, more knowledge about the attacker
- More interaction, more risk to the operator

Interaction
Low interaction honeypots
- Limited interaction; normally work by emulating services
- Limited to capturing mainly known attacks
- Easy to deploy
High interaction honeypots
- Involve real operating systems
- Attackers are given everything a real system offers
- Vulnerable: the honeypot itself can be fully compromised

Traditional vs IoT

                 Traditional         IoT
  Architecture   x86 / x86-64        Heterogeneous (many CPU architectures)
  Service        Web / Shell         Shell / Video Streaming
  Deployment     Cloud Computing     Physical (HIH)

Challenges
Heterogeneous architectures
- LIH: lack of knowledge (an emulation can only reproduce behaviour that is already known)
- HIH: hard to emulate the real device
Deployment
- Expensive
- Difficult

Architecture (components as drawn on the slide)
- Access layer: Load Balancer, receiving attacker requests
- Backend: Execution on the honeypot devices; Log Collector gathering evidence
- Storage layer: MongoDB
- View layer: API Provider, Web Management System

Load Balancer
Front-end components: Port Proxy, SSH Agent, Telnet Agent, Others
The slide arranges these components along two opposing axes: more information (accuracy, observed malicious actions) on one side, more security (fewer threats, less impact on the honeypot) on the other.

Technical Challenge: How to Forward the IP of Real Attackers
- Hpfeeds protocol (publish & subscribe)
- TCP connection pair
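The slide names the mechanism but not the message layout. The following is an added example, not code from the talk or from the hpfeeds project: it frames messages in the public hpfeeds wire format (github.com/threatstream/hpfeeds) and uses an OP_PUBLISH on a channel to carry the "TCP connection pair". When a port proxy accepts the attacker's connection and opens a second connection to the honeypot device, the device only sees the proxy's source address; publishing the mapping (proxy-side address/port to real attacker address/port) lets the log collector re-attach the real origin to the session. The channel name, ident, secret, nonce and IP addresses are made up for the example.

```python
"""Added example: hpfeeds framing plus a connection-pair record.

hpfeeds wire format (from the public protocol):
  header       = !I total_length (header included), !B opcode
  OP_INFO      = 1: len8-prefixed broker name + nonce
  OP_AUTH      = 2: len8-prefixed ident + sha1(nonce + secret)
  OP_PUBLISH   = 3: len8-prefixed ident, len8-prefixed channel, payload
  OP_SUBSCRIBE = 4: len8-prefixed ident, channel
"""
import hashlib
import json
import struct

OP_ERROR, OP_INFO, OP_AUTH, OP_PUBLISH, OP_SUBSCRIBE = range(5)
CHANNEL = b"iot.connpair"  # assumed channel name, not from the talk


def _str8(s: bytes) -> bytes:
    """hpfeeds length-prefixed string (one length byte)."""
    if len(s) > 255:
        raise ValueError("hpfeeds strings are limited to 255 bytes")
    return struct.pack("!B", len(s)) + s


def msghdr(op: int, data: bytes) -> bytes:
    return struct.pack("!IB", 5 + len(data), op) + data


def msgauth(nonce: bytes, ident: bytes, secret: bytes) -> bytes:
    return msghdr(OP_AUTH, _str8(ident) + hashlib.sha1(nonce + secret).digest())


def msgpublish(ident: bytes, chan: bytes, payload: bytes) -> bytes:
    return msghdr(OP_PUBLISH, _str8(ident) + _str8(chan) + payload)


def msgsubscribe(ident: bytes, chan: bytes) -> bytes:
    return msghdr(OP_SUBSCRIBE, _str8(ident) + chan)


def parse(buf: bytes):
    """Split a byte stream into (opcode, body) frames; also return the unconsumed tail."""
    msgs = []
    while len(buf) >= 5:
        length, op = struct.unpack("!IB", buf[:5])
        if length < 5 or length > len(buf):  # corrupt or incomplete frame: stop
            break
        msgs.append((op, buf[5:length]))
        buf = buf[length:]
    return msgs, buf


def parse_publish(body: bytes):
    ident_len = body[0]
    ident = body[1:1 + ident_len]
    rest = body[1 + ident_len:]
    chan_len = rest[0]
    return ident, rest[1:1 + chan_len], rest[1 + chan_len:]


def connpair_event(attacker, proxy_local, device) -> bytes:
    """JSON record linking the attacker->proxy leg to the proxy->device leg.
    Arguments are (ip, port) tuples."""
    return json.dumps({
        "attacker_ip": attacker[0], "attacker_port": attacker[1],
        "proxy_ip": proxy_local[0], "proxy_port": proxy_local[1],
        "device_ip": device[0], "device_port": device[1],
    }, sort_keys=True).encode()


class PairResolver:
    """Subscriber side: index by what the device sees (proxy ip, proxy port)."""

    def __init__(self):
        self.pairs = {}

    def feed(self, op: int, body: bytes) -> None:
        if op != OP_PUBLISH:
            return
        _, chan, payload = parse_publish(body)
        if chan != CHANNEL:
            return
        ev = json.loads(payload)
        self.pairs[(ev["proxy_ip"], ev["proxy_port"])] = (ev["attacker_ip"], ev["attacker_port"])

    def real_source(self, seen_ip: str, seen_port: int):
        return self.pairs.get((seen_ip, seen_port))


def demo():
    """Proxy accepted 198.51.100.7:51234 and opened 10.0.0.2:40001 -> 10.0.0.10:22 (constructed)."""
    ident, secret, nonce = b"proxy01", b"s3cret", b"\x01\x02\x03\x04"
    ev = connpair_event(("198.51.100.7", 51234), ("10.0.0.2", 40001), ("10.0.0.10", 22))
    stream = msgauth(nonce, ident, secret) + msgpublish(ident, CHANNEL, ev)
    msgs, rest = parse(stream)
    resolver = PairResolver()
    for op, body in msgs:
        resolver.feed(op, body)
    # The device logged a session from 10.0.0.2:40001; resolve it to the attacker.
    return resolver.real_source("10.0.0.2", 40001), len(msgs), rest


if __name__ == "__main__":
    print(demo())
```

A real deployment would send the frames over the broker's TCP socket after receiving OP_INFO; the parser above stops at a truncated or corrupt length field rather than reading past the buffer, which is the behaviour you want on a feed that untrusted sensors can write to.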

Yet Another SSH Honeypot
Design principles
- Hardware-based design
- Embedded Linux system
- Monitoring malicious actions
Traditional design (Cowrie)
- Virtual environment
- Python process
- Command emulation

Raspberry Pi 3

Technical Challenges
- Re-initialization
- Response to hardware failure

Relay

Case Study: Pivoting Attack
- Login with root:admin
- Fileless: nothing is written to the device
- Network: dynamic port forwarding through the honeypot
    ssh -D 18080 user@IoT
    ./DoSAttack --sock5 localhost:18080 Target
The attacker turns the IoT device into a SOCKS proxy with ssh -D and launches the DoS tool through it against the target, so the device relays the flood without ever storing a payload.

Pivoting Attack (diagram)
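On a hardware honeypot running a real sshd, the ssh -D pivot shows up in the device's own log: with LogLevel DEBUG1, OpenSSH logs every direct-tcpip channel the client opens, and for ssh -D the originator is the attacker's local SOCKS client while the target is whatever the tool connects to. The following is an added example, not code from the talk: it parses such log lines, ties forwards to the authenticated session, and flags pivoting, floods against one target, and forwards aimed at internal addresses. The log lines are constructed to match OpenSSH's "Accepted ... from ..." and "server_request_direct_tcpip: originator ..., target ..." formats and are not real captures; the flood threshold is an arbitrary choice.

```python
"""Added example: detect ssh -D pivoting from sshd DEBUG1 log lines."""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

AUTH_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+) port \d+")
FWD_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: debug1: server_request_direct_tcpip: "
    r"originator \S+ port \d+, target (?P<tip>\S+) port (?P<tport>\d+)")

# RFC1918 plus loopback; deliberately not ipaddress.is_private, which also
# treats the documentation ranges used in the sample as private.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def analyze(log_text: str, flood_threshold: int = 20) -> dict:
    """Return {sshd pid: {attacker, user, forwards: Counter, flags: [...]}}."""
    sessions = {}
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            sessions[int(m["pid"])] = {"attacker": m["ip"], "user": m["user"],
                                       "forwards": Counter(), "flags": []}
            continue
        m = FWD_RE.search(line)
        if m:
            # A forward without a matching login line still gets a session entry.
            s = sessions.setdefault(int(m["pid"]), {"attacker": None, "user": None,
                                                    "forwards": Counter(), "flags": []})
            s["forwards"][(m["tip"], int(m["tport"]))] += 1
    for s in sessions.values():
        flags = set()
        if s["forwards"]:
            flags.add("pivot")  # any forwarding by an attacker is notable on a honeypot
        for (tip, _), n in s["forwards"].items():
            if n >= flood_threshold:
                flags.add("flood")
            if is_internal(tip):
                flags.add("internal_target")
        s["flags"] = sorted(flags)
    return sessions


def build_sample_log() -> str:
    """Constructed sshd log: one DoS-through-SOCKS session, one internal-target session."""
    lines = ["Dec  8 10:00:01 pi sshd[1201]: Accepted password for root from 198.51.100.7 port 51234 ssh2"]
    for i in range(25):  # the DoS tool opens many SOCKS connections to the same target
        lines.append(f"Dec  8 10:00:02 pi sshd[1201]: debug1: server_request_direct_tcpip: "
                     f"originator 127.0.0.1 port {40000 + i}, target 203.0.113.5 port 80")
    lines.append("Dec  8 10:05:00 pi sshd[1300]: Accepted password for admin from 192.0.2.9 port 6001 ssh2")
    lines.append("Dec  8 10:05:03 pi sshd[1300]: debug1: server_request_direct_tcpip: "
                 "originator 127.0.0.1 port 5000, target 10.0.0.3 port 23")
    lines.append("Dec  8 10:05:04 pi sshd[1300]: Received disconnect from 192.0.2.9 port 6001:11: disconnected by user")
    return "\n".join(lines)


if __name__ == "__main__":
    for pid, s in analyze(build_sample_log()).items():
        print(pid, s["attacker"], s["user"], dict(s["forwards"]), s["flags"])
```

Because the device is the pivot, every forwarded connection leaves the honeypot's own address as the source at the target; the session-to-attacker mapping recovered here is what lets the operator attribute the flood to 198.51.100.7 rather than to the Raspberry Pi.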

Why a Hardware Solution
- Accurate information
- Immune to anti-honeypot checks (the attacker lands on a real device, not an emulation)
- CPU diversity

Conclusion
- IoT environment
- HIH
- Hardware-based solution
- SSH honeypot

Acknowledgements
- Tencent: Jingyu YANG, Jie LI, Chen GENG, Zhao LIU, Guize LIU, Jinsong MA
- Tsinghua University: Fan DANG, Yongfeng ZHANG, Prof. Zhenhua LI

References
- https://github.com/tencent/habomalhunter
- https://github.com/threatstream/mhn
- https://github.com/threatstream/hpfeeds
- https://www.usenix.org/system/files/conference/woot15/woot15-paper-pa.pdf
- https://researchcenter.paloaltonetworks.com/2017/07/palo-alto-networks-showcase-iot-honeypot-research-black-hat-2017/
- http://blog.malwaremustdie.org/2017/02/mmd-0062-2017-ssh-direct-tcp-forward-attack.html

Thank you very much :)