SlideShare a Scribd company logo

Development and Technical Challenges of Honeypot Technology

Antiy Labs
Antiy Labs
Technology
1 of 33
Development, Confusion and Exploration of Honeypot Technology Seak Antiy Labs
Outline • Development of Honeypots • Status Quo of Honeypots • Technical Challenges • Exploration and Outlook
What is a Honeypot? • A honeypot is a security resource that can be scanned , attacked and compromised. —Lance Spiztner
1990-1998: Early Days • In 1990, The Cuckoo’s Egg was published. • Network administrators started using honeypots. • Physical System
1998-2000: Rapid Development • Open source tools are used to induce attackers • DTK( Fred Cohen ) • Honeyd(Niels Provos) • Honeypot products: KFSensor, Specter • Virtual Honeypots
Fred Cohen • The first master in antivirus field • First used the term “virus” • Diagonal Method
2000-2006: Prosperous Period • Since 2000, security researchers tended to use real hosts, operating systems and apps to build honeypots. They also integrated data capture, data analysis and data control systems to security tools. • main channels to collect samples
Outline • Development of Honeypots • Status Quo of Honeypots • Technical Challenges • Exploration and Outlook
Categories • Deploy Purposes – Security products – Research • Intensity of Interaction – High intensity – Low intensity
Honeypots of High Interaction Intensity • Honeywall CDROM • Sebek: • HoneyBow
Honeypots of Low Interaction Intensity • Nepenthes • Honeyd: • Honeytrap: Honeypot using wireless nodes
Client Honeypots • Capture-HPC • HoneyC
Data Analysis Tool • Honeysnap
Some Open Source Systems
Some Open Source Systems
Outline • Development of Honeypots • Status Quo of Honeypots • Technical Challenges • Exploration and Outlook
Security Threats • DEP can protect users quite well. Until now, there hasn’t any Windows system services targeted attacks that can bypass DEP. • Static format overflow, browser and other clients based attacks become the mainstream. • The basic working principle of honeypots are seriously threatened.
Core Challenges • Honeypots simulates targets, and then waits for attackers ‘ malicious operations. • The main attack links are not IP dominated, which makes the situation much more complicated. Attacks are becoming less specifically targeted.
Report All Activities • Typical report system: OSLoader, drivers, services, processes, modules and IE plug-ins. • Report large quantities of files + record data frequency + determine as yet unknown malware + automatic analysis system
Representative Distributive Report System • Eset(NOD32)ThreatSense.Net • ArrectNET • Rising “Cloud” Project • 360safe process report system
Challenges • Large quantities of desktop security products and clients • Actual activities • Zero cost of devices and hardware resources • Zero cost of distributive computation
Outline • Development of Honeypots • Status Quo of Honeypots • Technical Challenges • Exploration and Outlook
Trend: Sample Cultivation • Web drive-by download • Why do we cultivate samples? (incomplete extraction, frequent changes) • Main sources of sample cultivation
Sample Cultivation and Analysis System • Research of automatic behavior and signature extraction: Antiy Labs, Peking University, Tsinghua University • Research of automatic file in large quantities: Antiy Labs, National “863” anti-intrusion and antivirus center, South China Normal University
Research of automatic behavior and signature extraction Signature Virus Antiy Labs File Signature extraction detection Peking Platform Result of static and recognition/unpack analysis University various engines Static analysis Online analysis Malware Malicious behavior Report on service Samples Flow Chart (CFG) behavior recognition analysis Function Call Graph API Call Sequence Various Families/categories information Dynamic Peking Analysis report Analysis Peking Universit Application-level University y Report on Sandbox Behavior analysis network Network behavior behavior Network signature Network extraction signature Tsinghua University 2012年11月5日 25
Wind-catcher Plan • Wind-catcher plan: a non-profit honeypot deploy project initiated by Antiy in 2006; • The plan contains 3 periods: • Wind-catcher I: improve the national basic capture system • Wind-catcher II: cooperate with universities • Wind-catcher III: target at civil researchers and report nodes
Wind-catcher I: ARM Virtual Honeypot • Demonstration • Circuit design • Software system
Telecom-level Honeypot: Honey Pool 2008-07-07 28
Management System
Wind-catcher II: Honeypot Alliance • Antiy cooperates with Harbin Institute of Technology; Tsinghua University and Wuhan University. • Deploy 3-5 wind-catcher II honeypots in the universities, share data, and provide basic data for information science research.
Wind-catcher III: ADSL Honeypot • Small-sized honeypot gateway with dual network cards; • Can be placed between the use's system and the ADSL Modem
Honeybot • Security application of NPC; • Simulate the target value, induce attacks; • Integrate with traditional system.
Creation in Our Wake • We appreciate your suggestions. • seak@antiy.net

Recommended

Honey Pot
Honey PotHoney Pot
Honey Potiradarji
 
Honeypots
HoneypotsHoneypots
HoneypotsJayant Gandhi
 
Honeypot
HoneypotHoneypot
HoneypotAkhil Sahajan
 
Honeypot
Honeypot Honeypot
Honeypot Sushan Sharma
 
Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynetSina Manavi
 
Honeypot ppt1
Honeypot ppt1Honeypot ppt1
Honeypot ppt1samrat saurabh
 
Brain gate technology
Brain gate technologyBrain gate technology
Brain gate technologyStudent
 
Vertex Shader Tricks by Bill Bilodeau - AMD at GDC14
Vertex Shader Tricks by Bill Bilodeau - AMD at GDC14Vertex Shader Tricks by Bill Bilodeau - AMD at GDC14
Vertex Shader Tricks by Bill Bilodeau - AMD at GDC14AMD Developer Central
 

Recommended

Honey Pot
Honey PotHoney Pot
Honey Potiradarji
 
Honeypots
HoneypotsHoneypots
HoneypotsJayant Gandhi
 
Honeypot
HoneypotHoneypot
HoneypotAkhil Sahajan
 
Honeypot
Honeypot Honeypot
Honeypot Sushan Sharma
 
Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynetSina Manavi
 
Honeypot ppt1
Honeypot ppt1Honeypot ppt1
Honeypot ppt1samrat saurabh
 
Brain gate technology
Brain gate technologyBrain gate technology
Brain gate technologyStudent
 
Vertex Shader Tricks by Bill Bilodeau - AMD at GDC14
Vertex Shader Tricks by Bill Bilodeau - AMD at GDC14Vertex Shader Tricks by Bill Bilodeau - AMD at GDC14
Vertex Shader Tricks by Bill Bilodeau - AMD at GDC14AMD Developer Central
 
Honeypot
HoneypotHoneypot
HoneypotShashwat Shriparv
 
Honey pots
Honey potsHoney pots
Honey potsDivya korrapati
 
Control Area Network
Control Area NetworkControl Area Network
Control Area Networkvenkat thangella
 
WIND CATCHER MAX
WIND CATCHER MAXWIND CATCHER MAX
WIND CATCHER MAXPavel Lelyukh
 
IBOC (In Band On Channel) Technology for DIgital Radio.
IBOC (In Band On Channel) Technology for DIgital Radio.IBOC (In Band On Channel) Technology for DIgital Radio.
IBOC (In Band On Channel) Technology for DIgital Radio.Ashik Ask
 
From Push Technology to Real-Time Messaging and WebSockets
From Push Technology to Real-Time Messaging and WebSocketsFrom Push Technology to Real-Time Messaging and WebSockets
From Push Technology to Real-Time Messaging and WebSocketsAlessandro Alinone
 
Magneto optic current transformer
Magneto optic current transformerMagneto optic current transformer
Magneto optic current transformerAishwary Verma
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its typesVishal Tandel
 
Presentation on Smart Textile
Presentation on Smart TextilePresentation on Smart Textile
Presentation on Smart TextileShawan Roy
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief OverviewSILPI ROSAN
 
Satrack
SatrackSatrack
SatrackSonal Patil
 
Daknet Technology
Daknet TechnologyDaknet Technology
Daknet TechnologyAranta Chatterjee
 
Daknet ppt
Daknet pptDaknet ppt
Daknet pptArvind Singh Rajpurohit
 
Honeypot seminar report
Honeypot seminar reportHoneypot seminar report
Honeypot seminar reportInder NeGi
 
fingerprint technology
fingerprint technologyfingerprint technology
fingerprint technologyVishwasJangra
 
All about Honeypots & Honeynets
All about Honeypots & HoneynetsAll about Honeypots & Honeynets
All about Honeypots & HoneynetsMehdi Poustchi Amin
 
Chipolo technical seminar for ece
Chipolo technical seminar for eceChipolo technical seminar for ece
Chipolo technical seminar for ecemanikanta1339
 
RAIN TECHNOLOGY
RAIN TECHNOLOGYRAIN TECHNOLOGY
RAIN TECHNOLOGY127r1a05h9
 
Honeypots
HoneypotsHoneypots
HoneypotsJ. Scott Christianson
 
NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...
NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...
NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...KIRAN DAS VAISHNAV
 
Track and Trace Solution Details
Track and Trace Solution DetailsTrack and Trace Solution Details
Track and Trace Solution DetailsPropix Technologies
 
CYBER INTELLIGENCE & RESPONSE TECHNOLOGY
CYBER INTELLIGENCE & RESPONSE TECHNOLOGYCYBER INTELLIGENCE & RESPONSE TECHNOLOGY
CYBER INTELLIGENCE & RESPONSE TECHNOLOGYjmical
 

More Related Content

Viewers also liked

IBOC (In Band On Channel) Technology for DIgital Radio.
IBOC (In Band On Channel) Technology for DIgital Radio.IBOC (In Band On Channel) Technology for DIgital Radio.
IBOC (In Band On Channel) Technology for DIgital Radio.Ashik Ask
 
From Push Technology to Real-Time Messaging and WebSockets
From Push Technology to Real-Time Messaging and WebSocketsFrom Push Technology to Real-Time Messaging and WebSockets
From Push Technology to Real-Time Messaging and WebSocketsAlessandro Alinone
 
Magneto optic current transformer
Magneto optic current transformerMagneto optic current transformer
Magneto optic current transformerAishwary Verma
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its typesVishal Tandel
 
Presentation on Smart Textile
Presentation on Smart TextilePresentation on Smart Textile
Presentation on Smart TextileShawan Roy
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief OverviewSILPI ROSAN
 
Honeypot seminar report
Honeypot seminar reportHoneypot seminar report
Honeypot seminar reportInder NeGi
 
fingerprint technology
fingerprint technologyfingerprint technology
fingerprint technologyVishwasJangra
 
Chipolo technical seminar for ece
Chipolo technical seminar for eceChipolo technical seminar for ece
Chipolo technical seminar for ecemanikanta1339
 
RAIN TECHNOLOGY
RAIN TECHNOLOGYRAIN TECHNOLOGY
RAIN TECHNOLOGY127r1a05h9
 
NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...
NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...
NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...KIRAN DAS VAISHNAV
 

Viewers also liked (20)

Honeypot
HoneypotHoneypot
Honeypot
 
Honey pots
Honey potsHoney pots
Honey pots
 
Control Area Network
Control Area NetworkControl Area Network
Control Area Network
 
WIND CATCHER MAX
WIND CATCHER MAXWIND CATCHER MAX
WIND CATCHER MAX
 
IBOC (In Band On Channel) Technology for DIgital Radio.
IBOC (In Band On Channel) Technology for DIgital Radio.IBOC (In Band On Channel) Technology for DIgital Radio.
IBOC (In Band On Channel) Technology for DIgital Radio.
 
From Push Technology to Real-Time Messaging and WebSockets
From Push Technology to Real-Time Messaging and WebSocketsFrom Push Technology to Real-Time Messaging and WebSockets
From Push Technology to Real-Time Messaging and WebSockets
 
Magneto optic current transformer
Magneto optic current transformerMagneto optic current transformer
Magneto optic current transformer
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its types
 
Presentation on Smart Textile
Presentation on Smart TextilePresentation on Smart Textile
Presentation on Smart Textile
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief Overview
 
Satrack
SatrackSatrack
Satrack
 
Daknet Technology
Daknet TechnologyDaknet Technology
Daknet Technology
 
Daknet ppt
Daknet pptDaknet ppt
Daknet ppt
 
Honeypot seminar report
Honeypot seminar reportHoneypot seminar report
Honeypot seminar report
 
fingerprint technology
fingerprint technologyfingerprint technology
fingerprint technology
 
All about Honeypots & Honeynets
All about Honeypots & HoneynetsAll about Honeypots & Honeynets
All about Honeypots & Honeynets
 
Chipolo technical seminar for ece
Chipolo technical seminar for eceChipolo technical seminar for ece
Chipolo technical seminar for ece
 
RAIN TECHNOLOGY
RAIN TECHNOLOGYRAIN TECHNOLOGY
RAIN TECHNOLOGY
 
Honeypots
HoneypotsHoneypots
Honeypots
 
NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...
NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...
NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...
 

Similar to Development and Technical Challenges of Honeypot Technology

Track and Trace Solution Details
Track and Trace Solution DetailsTrack and Trace Solution Details
Track and Trace Solution DetailsPropix Technologies
 
CYBER INTELLIGENCE & RESPONSE TECHNOLOGY
CYBER INTELLIGENCE & RESPONSE TECHNOLOGYCYBER INTELLIGENCE & RESPONSE TECHNOLOGY
CYBER INTELLIGENCE & RESPONSE TECHNOLOGYjmical
 
Dependable Operation - Performance Management and Capacity Planning Under Con...
Dependable Operation - Performance Management and Capacity Planning Under Con...Dependable Operation - Performance Management and Capacity Planning Under Con...
Dependable Operation - Performance Management and Capacity Planning Under Con...Liming Zhu
 
Industrial Control Systems Cybersecurity Technology Selection
Industrial Control Systems Cybersecurity Technology SelectionIndustrial Control Systems Cybersecurity Technology Selection
Industrial Control Systems Cybersecurity Technology SelectionDragos, Inc.
 
20111104 s4 overview
20111104 s4 overview20111104 s4 overview
20111104 s4 overviewLeo Neumeyer
 
February 2010 8 Things You Cant Afford To Ignore About eDiscovery
February 2010 8 Things You Cant Afford To Ignore About eDiscoveryFebruary 2010 8 Things You Cant Afford To Ignore About eDiscovery
February 2010 8 Things You Cant Afford To Ignore About eDiscoveryJohn Wang
 
24 031030davidtillemanssecuresdlcpub-110325054740-phpapp02
24 031030davidtillemanssecuresdlcpub-110325054740-phpapp0224 031030davidtillemanssecuresdlcpub-110325054740-phpapp02
24 031030davidtillemanssecuresdlcpub-110325054740-phpapp02Smals
 
IT Vulnerability & Tools Watch 2011
IT Vulnerability & Tools Watch 2011IT Vulnerability & Tools Watch 2011
IT Vulnerability & Tools Watch 2011WASecurity
 
Siddhi: A Second Look at Complex Event Processing Implementations
Siddhi: A Second Look at Complex Event Processing ImplementationsSiddhi: A Second Look at Complex Event Processing Implementations
Siddhi: A Second Look at Complex Event Processing ImplementationsSrinath Perera
 
Network Security: Experiment of Network Health Analysis At An ISP
Network Security: Experiment of Network Health Analysis At An ISPNetwork Security: Experiment of Network Health Analysis At An ISP
Network Security: Experiment of Network Health Analysis At An ISPCSCJournals
 
ATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldAgile Testing Alliance
 
Sybase Complex Event Processing
Sybase Complex Event ProcessingSybase Complex Event Processing
Sybase Complex Event ProcessingSybase Türkiye
 
Chir F2 F Mrsa 2011 10 18
Chir F2 F Mrsa 2011 10 18Chir F2 F Mrsa 2011 10 18
Chir F2 F Mrsa 2011 10 18Brad Doebbeling
 
Scalable Computing Labs (SCL).
Scalable Computing Labs (SCL).Scalable Computing Labs (SCL).
Scalable Computing Labs (SCL).Mindtree Ltd.
 
Granatum_LiSIs_BIBE_2012_presentation_v4.0
Granatum_LiSIs_BIBE_2012_presentation_v4.0Granatum_LiSIs_BIBE_2012_presentation_v4.0
Granatum_LiSIs_BIBE_2012_presentation_v4.0Christos Kannas
 
SANS Log Management 1
SANS Log Management 1SANS Log Management 1
SANS Log Management 1laurenfortune
 
Bringing Wireless Sensing to its full potential
Bringing Wireless Sensing to its full potentialBringing Wireless Sensing to its full potential
Bringing Wireless Sensing to its full potentialAdrian Hornsby
 
Cybersecurity R&D briefing
Cybersecurity R&D briefingCybersecurity R&D briefing
Cybersecurity R&D briefingNaba Barkakati
 
Challenges in Practicing High Frequency Releases in Cloud Environments
Challenges in Practicing High Frequency Releases in Cloud Environments Challenges in Practicing High Frequency Releases in Cloud Environments
Challenges in Practicing High Frequency Releases in Cloud Environments Liming Zhu
 

Similar to Development and Technical Challenges of Honeypot Technology (20)

Track and Trace Solution Details
Track and Trace Solution DetailsTrack and Trace Solution Details
Track and Trace Solution Details
 
CYBER INTELLIGENCE & RESPONSE TECHNOLOGY
CYBER INTELLIGENCE & RESPONSE TECHNOLOGYCYBER INTELLIGENCE & RESPONSE TECHNOLOGY
CYBER INTELLIGENCE & RESPONSE TECHNOLOGY
 
Dependable Operation - Performance Management and Capacity Planning Under Con...
Dependable Operation - Performance Management and Capacity Planning Under Con...Dependable Operation - Performance Management and Capacity Planning Under Con...
Dependable Operation - Performance Management and Capacity Planning Under Con...
 
Industrial Control Systems Cybersecurity Technology Selection
Industrial Control Systems Cybersecurity Technology SelectionIndustrial Control Systems Cybersecurity Technology Selection
Industrial Control Systems Cybersecurity Technology Selection
 
20111104 s4 overview
20111104 s4 overview20111104 s4 overview
20111104 s4 overview
 
February 2010 8 Things You Cant Afford To Ignore About eDiscovery
February 2010 8 Things You Cant Afford To Ignore About eDiscoveryFebruary 2010 8 Things You Cant Afford To Ignore About eDiscovery
February 2010 8 Things You Cant Afford To Ignore About eDiscovery
 
24 031030davidtillemanssecuresdlcpub-110325054740-phpapp02
24 031030davidtillemanssecuresdlcpub-110325054740-phpapp0224 031030davidtillemanssecuresdlcpub-110325054740-phpapp02
24 031030davidtillemanssecuresdlcpub-110325054740-phpapp02
 
IT Vulnerability & Tools Watch 2011
IT Vulnerability & Tools Watch 2011IT Vulnerability & Tools Watch 2011
IT Vulnerability & Tools Watch 2011
 
Siddhi: A Second Look at Complex Event Processing Implementations
Siddhi: A Second Look at Complex Event Processing ImplementationsSiddhi: A Second Look at Complex Event Processing Implementations
Siddhi: A Second Look at Complex Event Processing Implementations
 
Network Security: Experiment of Network Health Analysis At An ISP
Network Security: Experiment of Network Health Analysis At An ISPNetwork Security: Experiment of Network Health Analysis At An ISP
Network Security: Experiment of Network Health Analysis At An ISP
 
ATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real World
 
Sybase Complex Event Processing
Sybase Complex Event ProcessingSybase Complex Event Processing
Sybase Complex Event Processing
 
Chir F2 F Mrsa 2011 10 18
Chir F2 F Mrsa 2011 10 18Chir F2 F Mrsa 2011 10 18
Chir F2 F Mrsa 2011 10 18
 
Scalable Computing Labs (SCL).
Scalable Computing Labs (SCL).Scalable Computing Labs (SCL).
Scalable Computing Labs (SCL).
 
Granatum_LiSIs_BIBE_2012_presentation_v4.0
Granatum_LiSIs_BIBE_2012_presentation_v4.0Granatum_LiSIs_BIBE_2012_presentation_v4.0
Granatum_LiSIs_BIBE_2012_presentation_v4.0
 
SANS Log Management 1
SANS Log Management 1SANS Log Management 1
SANS Log Management 1
 
Bringing Wireless Sensing to its full potential
Bringing Wireless Sensing to its full potentialBringing Wireless Sensing to its full potential
Bringing Wireless Sensing to its full potential
 
Biz model for ion proton dna sequencer
Biz model for ion proton dna sequencerBiz model for ion proton dna sequencer
Biz model for ion proton dna sequencer
 
Cybersecurity R&D briefing
Cybersecurity R&D briefingCybersecurity R&D briefing
Cybersecurity R&D briefing
 
Challenges in Practicing High Frequency Releases in Cloud Environments
Challenges in Practicing High Frequency Releases in Cloud Environments Challenges in Practicing High Frequency Releases in Cloud Environments
Challenges in Practicing High Frequency Releases in Cloud Environments
 

More from Antiy Labs

Malware in Mobile Platform from Panoramic Industrial View
Malware in Mobile Platform from Panoramic Industrial ViewMalware in Mobile Platform from Panoramic Industrial View
Malware in Mobile Platform from Panoramic Industrial ViewAntiy Labs
 
Data Storage and Security Strategies of Network Identity
Data Storage and Security Strategies of Network IdentityData Storage and Security Strategies of Network Identity
Data Storage and Security Strategies of Network IdentityAntiy Labs
 
Security Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsSecurity Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsAntiy Labs
 
The Evolution Theory of Malware and Our Thought
The Evolution Theory of Malware and Our Thought The Evolution Theory of Malware and Our Thought
The Evolution Theory of Malware and Our Thought Antiy Labs
 
Virus Detection System
Virus Detection SystemVirus Detection System
Virus Detection SystemAntiy Labs
 
Virus Detection Based on the Packet Flow
Virus Detection Based on the Packet FlowVirus Detection Based on the Packet Flow
Virus Detection Based on the Packet FlowAntiy Labs
 
PE Trojan Detection Based on the Assessment of Static File Features
PE Trojan Detection Based on the Assessment of Static File FeaturesPE Trojan Detection Based on the Assessment of Static File Features
PE Trojan Detection Based on the Assessment of Static File FeaturesAntiy Labs
 
Embeddable Antivirus engine with high granularity
Embeddable Antivirus engine with high granularityEmbeddable Antivirus engine with high granularity
Embeddable Antivirus engine with high granularityAntiy Labs
 

More from Antiy Labs (8)

Malware in Mobile Platform from Panoramic Industrial View
Malware in Mobile Platform from Panoramic Industrial ViewMalware in Mobile Platform from Panoramic Industrial View
Malware in Mobile Platform from Panoramic Industrial View
 
Data Storage and Security Strategies of Network Identity
Data Storage and Security Strategies of Network IdentityData Storage and Security Strategies of Network Identity
Data Storage and Security Strategies of Network Identity
 
Security Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsSecurity Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and Systems
 
The Evolution Theory of Malware and Our Thought
The Evolution Theory of Malware and Our Thought The Evolution Theory of Malware and Our Thought
The Evolution Theory of Malware and Our Thought
 
Virus Detection System
Virus Detection SystemVirus Detection System
Virus Detection System
 
Virus Detection Based on the Packet Flow
Virus Detection Based on the Packet FlowVirus Detection Based on the Packet Flow
Virus Detection Based on the Packet Flow
 
PE Trojan Detection Based on the Assessment of Static File Features
PE Trojan Detection Based on the Assessment of Static File FeaturesPE Trojan Detection Based on the Assessment of Static File Features
PE Trojan Detection Based on the Assessment of Static File Features
 
Embeddable Antivirus engine with high granularity
Embeddable Antivirus engine with high granularityEmbeddable Antivirus engine with high granularity
Embeddable Antivirus engine with high granularity
 

Recently uploaded

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 

Recently uploaded (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 

Development and Technical Challenges of Honeypot Technology

  • 1. Development, Confusion and Exploration of Honeypot Technology Seak Antiy Labs
  • 2. Outline • Development of Honeypots • Status Quo of Honeypots • Technical Challenges • Exploration and Outlook
  • 3. What is a Honeypot? • A honeypot is a security resource that can be scanned , attacked and compromised. —Lance Spiztner
  • 4. 1990-1998: Early Days • In 1990, The Cuckoo’s Egg was published. • Network administrators started using honeypots. • Physical System
  • 5. 1998-2000: Rapid Development • Open source tools are used to induce attackers • DTK( Fred Cohen ) • Honeyd(Niels Provos) • Honeypot products: KFSensor, Specter • Virtual Honeypots
  • 6. Fred Cohen • The first master in antivirus field • First used the term “virus” • Diagonal Method
  • 7. 2000-2006: Prosperous Period • Since 2000, security researchers tended to use real hosts, operating systems and apps to build honeypots. They also integrated data capture, data analysis and data control systems to security tools. • main channels to collect samples
  • 8. Outline • Development of Honeypots • Status Quo of Honeypots • Technical Challenges • Exploration and Outlook
  • 9. Categories • Deploy Purposes – Security products – Research • Intensity of Interaction – High intensity – Low intensity
  • 10. Honeypots of High Interaction Intensity • Honeywall CDROM • Sebek: • HoneyBow
  • 11. Honeypots of Low Interaction Intensity • Nepenthes • Honeyd: • Honeytrap: Honeypot using wireless nodes
  • 14. Some Open Source Systems
  • 15. Some Open Source Systems
  • 16. Outline • Development of Honeypots • Status Quo of Honeypots • Technical Challenges • Exploration and Outlook
  • 17. Security Threats • DEP can protect users quite well. Until now, there hasn’t any Windows system services targeted attacks that can bypass DEP. • Static format overflow, browser and other clients based attacks become the mainstream. • The basic working principle of honeypots are seriously threatened.
  • 18. Core Challenges • Honeypots simulates targets, and then waits for attackers ‘ malicious operations. • The main attack links are not IP dominated, which makes the situation much more complicated. Attacks are becoming less specifically targeted.
  • 19. Report All Activities • Typical report system: OSLoader, drivers, services, processes, modules and IE plug-ins. • Report large quantities of files + record data frequency + determine as yet unknown malware + automatic analysis system
  • 20. Representative Distributive Report System • Eset(NOD32)ThreatSense.Net • ArrectNET • Rising “Cloud” Project • 360safe process report system
  • 21. Challenges • Large quantities of desktop security products and clients • Actual activities • Zero cost of devices and hardware resources • Zero cost of distributive computation
  • 22. Outline • Development of Honeypots • Status Quo of Honeypots • Technical Challenges • Exploration and Outlook
  • 23. Trend: Sample Cultivation • Web drive-by download • Why do we cultivate samples? (incomplete extraction, frequent changes) • Main sources of sample cultivation
  • 24. Sample Cultivation and Analysis System • Research of automatic behavior and signature extraction: Antiy Labs, Peking University, Tsinghua University • Research of automatic file in large quantities: Antiy Labs, National “863” anti-intrusion and antivirus center, South China Normal University
  • 25. Research of automatic behavior and signature extraction Signature Virus Antiy Labs File Signature extraction detection Peking Platform Result of static and recognition/unpack analysis University various engines Static analysis Online analysis Malware Malicious behavior Report on service Samples Flow Chart (CFG) behavior recognition analysis Function Call Graph API Call Sequence Various Families/categories information Dynamic Peking Analysis report Analysis Peking Universit Application-level University y Report on Sandbox Behavior analysis network Network behavior behavior Network signature Network extraction signature Tsinghua University 2012年11月5日 25
  • 26. Wind-catcher Plan • Wind-catcher plan: a non-profit honeypot deploy project initiated by Antiy in 2006; • The plan contains 3 periods: • Wind-catcher I: improve the national basic capture system • Wind-catcher II: cooperate with universities • Wind-catcher III: target at civil researchers and report nodes
  • 27. Wind-catcher I: ARM Virtual Honeypot • Demonstration • Circuit design • Software system
  • 28. Telecom-level Honeypot: Honey Pool 2008-07-07 28
  • 30. Wind-catcher II: Honeypot Alliance • Antiy cooperates with Harbin Institute of Technology; Tsinghua University and Wuhan University. • Deploy 3-5 wind-catcher II honeypots in the universities, share data, and provide basic data for information science research.
  • 31. Wind-catcher III: ADSL Honeypot • Small-sized honeypot gateway with dual network cards; • Can be placed between the use's system and the ADSL Modem
  • 32. Honeybot • Security application of NPC; • Simulate the target value, induce attacks; • Integrate with traditional system.
  • 33. Creation in Our Wake • We appreciate your suggestions. • seak@antiy.net