Naval Postgraduate School
Dudley Knox Library
NPS Dudley Knox Library
View Item 
  •   Calhoun Home
  • Theses and Dissertations
  • 1. Thesis and Dissertation Collection, all items
  • View Item
  •   Calhoun Home
  • Theses and Dissertations
  • 1. Thesis and Dissertation Collection, all items
  • View Item
  • How to search in Calhoun
  • My Accounts
  • Ask a Librarian
JavaScript is disabled for your browser. Some features of this site may not work without it.

Browse

All of CalhounCollectionsThis Collection

My Account

LoginRegister

Statistics

Most Popular ItemsStatistics by CountryMost Popular Authors

LEARNING CYBERATTACK PATTERNS WITH ACTIVE HONEYPOTS

Thumbnail
Download
Icon18Sep_Chong_Koh.pdf (3.441Mb)
Download Record
Download to EndNote/RefMan (RIS)
Download to BibTex
Author
Chong, Wai Hoe
Koh, Chong Khai Roger
Date
2018-09
Advisor
Rowe, Neil C.
Second Reader
Fulp, John D.
Metadata
Show full item record
Abstract
Honeypots can detect new attacks and vulnerabilities like zero-day exploits, based on an attacker’s behavior. Existing honeypots, however, are typically passive in nature and poor at detecting new and complex attacks like those carried out by state-sponsored actors. Deception is a commonly used tactic in conventional military operations, but it is rarely used in cyberspace. In this thesis, we implemented “active honeypots,” which incorporate deception into honeypot responses. In five phases of testing, we incorporated deception techniques such as fake files, defensive camouflage, delays, and false excuses into a Web honeypot built with SNARE and TANNER software, and an SSH honeypot built with Cowrie software. Our experiments sought to investigate how cyberattackers respond to the deception techniques. Our results showed that most attackers performed only vulnerability scanning and fingerprinting of our honeypots. Some appeared to be performing horizontal scanning, accessing both honeypots in the same phase. We found that the attackers were primarily non-interactive and did not respond to customized deception. We also observed that attackers who established a non-interactive session might be unable to exit the session without external intervention. Thus, we can delay to penalize these attackers. We also discovered that some attackers used unusual means of transferring files to the SSH server, and we recommend exploring how deception can be used against such techniques.
Rights
Copyright is reserved by the copyright owner.
Copyright is reserved by the copyright owner.
URI
https://hdl.handle.net/10945/60377
Collections
  • 1. Thesis and Dissertation Collection, all items
  • 2. NPS Outstanding Theses and Dissertations

Related items

Showing items related by title, author, creator and subject.

  • Thumbnail

    Testing deceptive honeypots 

    Yahyaoui, Aymen (Monterey, California: Naval Postgraduate School, 2014-09);
    Deception can be a useful defensive technique against cyber attacks. It has the advantage of unexpectedness to attackers and offers a variety of tactics. Honeypots are a good tool for deception. They act as decoy computers ...
  • Thumbnail

    Deception in defense of computer systems from cyber-attack 

    Rowe, Neil C. (Monterey, California. Naval Postgraduate School, 2007);
    While computer systems can be quite susceptible to deception by attackers, deception by defenders has increasingly been investigated in recent years. Military history has classic examples of defensive deceptions, but not ...
  • Thumbnail

    Fake Honeypots: A Defensive Tactic for Cyberspace 

    Rowe, Neil C.; Duong, Binh T.; Custy, E. John (Monterey, California. Naval Postgraduate School, 2006-06);
    Cyber-attackers are becoming more aware of honeypots. They generally want to avoid honeypots since it is hard to spread attacks from them, attacks are thoroughly monitored on them, and some honeypots contain planted false ...
NPS Dudley Knox LibraryDUDLEY KNOX LIBRARY
Feedback

411 Dyer Rd. Bldg. 339
Monterey, CA 93943
circdesk@nps.edu
(831) 656-2947
DSN 756-2947

    Federal Depository Library      


Start Your Research

Research Guides
Academic Writing
Ask a Librarian
Copyright at NPS
Graduate Writing Center
How to Cite
Library Liaisons
Research Tools
Thesis Processing Office

Find & Download

Databases List
Articles, Books & More
NPS Theses
NPS Faculty Publications: Calhoun
Journal Titles
Course Reserves

Use the Library

My Accounts
Request Article or Book
Borrow, Renew, Return
Tech Help
Remote Access
Workshops & Tours

For Faculty & Researchers
For International Students
For Alumni

Print, Copy, Scan, Fax
Rooms & Study Spaces
Floor Map
Computers & Software
Adapters, Lockers & More

Collections

NPS Archive: Calhoun
Restricted Resources
Special Collections & Archives
Federal Depository
Homeland Security Digital Library

About

Hours
Library Staff
About Us
Special Exhibits
Policies
Our Affiliates
Visit Us

NPS-Licensed Resources—Terms & Conditions
Copyright Notice

Naval Postgraduate School

Naval Postgraduate School
1 University Circle, Monterey, CA 93943
Driving Directions | Campus Map

This is an official U.S. Navy Website |  Please read our Privacy Policy Notice  |  FOIA |  Section 508 |  No FEAR Act |  Whistleblower Protection |  Copyright and Accessibility |  Contact Webmaster

Export search results

The export option will allow you to export the current search results of the entered query to a file. Different formats are available for download. To export the items, click on the button corresponding with the preferred download format.

A logged-in user can export up to 15000 items. If you're not logged in, you can export no more than 500 items.

To select a subset of the search results, click "Selective Export" button and make a selection of the items you want to export. The amount of items that can be exported at once is similarly restricted as the full export.

After making a selection, click one of the export format buttons. The amount of items that will be exported is indicated in the bubble next to export format.