An IoT Honeypot Device for Malware Forensics

Presentation on theme: "An IoT Honeypot Device for Malware Forensics"— Presentation transcript:

1 An IoT Honeypot Device for Malware Forensics
Jingyu YANG, Tencent Anti-Virus Lab; Fan DANG, Tsinghua University

2 About Speakers
Jingyu YANG, Tencent Anti-Virus Lab: HaboMalHunter, malware analysis, IoT security research
Fan DANG, Tsinghua University: NFC & IoT security research

3 Outline Introduction Architecture Implementation Case Study Conclusion

4 Introduction
High interaction vs. low interaction; traditional honeypots vs. IoT honeypots; challenges in the IoT environment

5 Interaction
Why does interaction matter? It measures the capability of a honeypot: more interaction means more knowledge, but also more risk.

6 Interaction
Low interaction honeypots: limited interaction, normally work by emulation; limited to capturing mainly known attacks; easy to deploy.
High interaction honeypots: involve real operating systems; attackers are given everything; vulnerable.

7 Traditional vs. IoT
Architecture: traditional x86 / x86-64; IoT heterogeneity
Service: traditional web / shell; IoT shell / video streaming
Deployment: traditional cloud computing; IoT physical (HIH)

8 Challenges
Heterogeneous architectures: LIH, lack of knowledge; HIH, hard to emulate
Deployment: expensive; difficult

9 Architecture
Layers: Access Layer, Storage Layer, View Layer, Backend Execution
Components: Load Balancer, Log Collector, MongoDB, API Provider, Web Management System; flows: evidence, requests

10 Load Balancer
Agents: SSH Agent, Telnet Agent, Port Proxy, Others
Trade-off: more information (accuracy, malicious actions) vs. more secure (threats, impact)

11 Technical Challenge: How to Forward the IP of Real Attackers
Hpfeeds protocol (publish & subscribe); TCP connection pair
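The hpfeeds framing named on slide 11, as an added example that is not the authors' code: the load balancer publishes the real attacker's address on a channel before the proxied TCP leg to the honeypot device replaces it with the proxy's own, and the log collector parses it back. The ident, channel name and record fields are assumptions.

```python
import hashlib
import json
import struct

# hpfeeds wire format (Honeynet Project): 4-byte big-endian total length
# (header included) + 1-byte opcode, followed by the opcode's payload.
OP_ERROR, OP_INFO, OP_AUTH, OP_PUBLISH, OP_SUBSCRIBE = 0, 1, 2, 3, 4


def _strpack8(s: bytes) -> bytes:
    """1-byte length-prefixed string, as used inside hpfeeds payloads."""
    return struct.pack("!B", len(s)) + s


def _msghdr(op: int, data: bytes) -> bytes:
    return struct.pack("!iB", 5 + len(data), op) + data


def msg_auth(rand: bytes, ident: str, secret: str) -> bytes:
    """OP_AUTH: ident plus SHA-1(nonce || secret). The nonce comes from the
    broker's OP_INFO greeting, so the shared secret never crosses the wire."""
    digest = hashlib.sha1(rand + secret.encode()).digest()
    return _msghdr(OP_AUTH, _strpack8(ident.encode()) + digest)


def msg_publish(ident: str, chan: str, data: bytes) -> bytes:
    """OP_PUBLISH: ident, channel, then the opaque event payload."""
    body = _strpack8(ident.encode()) + _strpack8(chan.encode()) + data
    return _msghdr(OP_PUBLISH, body)


def publish_connection(ident, chan, attacker_ip, attacker_port, backend, service):
    """Load-balancer side: capture the real peer address (assumed record
    layout) and publish it before handing the TCP stream to the backend."""
    record = {"src_ip": attacker_ip, "src_port": attacker_port,
              "backend": backend, "service": service}
    return msg_publish(ident, chan, json.dumps(record, sort_keys=True).encode())


def parse_publish(frame: bytes) -> dict:
    """Collector side: decode one OP_PUBLISH frame into ident, channel, record.
    Rejects frames whose declared length does not match what was received."""
    total, op = struct.unpack("!iB", frame[:5])
    if op != OP_PUBLISH or total != len(frame):
        raise ValueError("not a complete OP_PUBLISH frame")
    pos = 5
    n = frame[pos]; ident = frame[pos + 1:pos + 1 + n].decode(); pos += 1 + n
    n = frame[pos]; chan = frame[pos + 1:pos + 1 + n].decode(); pos += 1 + n
    return {"ident": ident, "channel": chan, "record": json.loads(frame[pos:])}
```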

12 Yet Another SSH Honeypot
Design principles: hardware based design; embedded Linux system; monitoring malicious actions
Traditional design (Cowrie): virtual environment; Python process; command emulation

13 Raspberry Pi 3

14 Technical Challenges
Re-initialization; response to hardware failure

15 Relay

16 Case Study: Pivoting Attack
Credentials root:admin; fileless; network; dynamic port forwarding
Observed: ssh -D ./DoSAttack --sock5 localhost:18080 Target

17 Pivoting Attack

18 Why a Hardware Solution
Accurate information; immune to anti-honeypot techniques; CPU diversity

19 Conclusion
IoT environment; HIH; hardware based solution; SSH honeypot

20 Acknowledgements
Tencent: Jingyu YANG, Jie LI, Chen GENG, Zhao LIU, Guize LIU, Jinsong MA
Tsinghua University: Fan DANG, Yongfeng ZHANG, Prof. Zhenhua LI

21 References
https://github.com/tencent/habomalhunter
paper-pa.pdf
networks-showcase-iot-honeypot-research-black-hat-2017/
direct-tcp-forward-attack.html

22 Thank you very much :)
