Development, Confusion and
Exploration of Honeypot Technology

                    Seak
                  Antiy Labs
Outline
•   Development of Honeypots
•   Status Quo of Honeypots
•   Technical Challenges
•   Exploration and Outlook
What is a Honeypot?
• A honeypot is a security resource that can be
  scanned, attacked and compromised.
                              —Lance Spitzner
1990-1998: Early Days

• In 1989, The Cuckoo's Egg (Clifford Stoll) was published.
• Network administrators started using honeypots.
• Honeypots were physical systems (real hosts).
1998-2000: Rapid Development

•   Open source tools used to lure attackers
•   DTK, the Deception Toolkit (Fred Cohen)
•   Honeyd (Niels Provos)
•   Commercial honeypot products: KFSensor, Specter
•   Virtual honeypots
Fred Cohen

• A pioneer of the antivirus field
• Popularized the term "computer virus" in his 1984 paper (the name
  was suggested by his advisor, Len Adleman)
• Diagonal method: a diagonalization argument showing that no program
  can detect all viruses (virus detection is undecidable)
2000-2006: Prosperous Period

• Since 2000, security researchers have tended to build honeypots
  from real hosts, operating systems and applications, and have
  integrated data capture, data analysis and data control into
  their security tooling.
• Honeypots became a main channel for collecting malware samples.
Outline

•   Development of Honeypots
•   Status Quo of Honeypots
•   Technical Challenges
•   Exploration and Outlook
Categories

• By deployment purpose
   – Production (part of a security product)
   – Research
• By level of interaction
   – High interaction
   – Low interaction
High-Interaction Honeypots
• Honeywall CDROM (the Honeynet Project's data control and data capture gateway)
• Sebek (kernel-level, covert capture of attacker activity on the honeypot host)
• HoneyBow (high-interaction malware collection toolkit)
Low-Interaction Honeypots
• Nepenthes (emulates known vulnerabilities to collect self-propagating malware)
• Honeyd (Niels Provos; emulates virtual hosts and service banners at the network level)
• Honeytrap (binds ports on demand and captures the attack traffic)

  [Figure: honeypot using wireless nodes]
Client Honeypots

• Capture-HPC (high interaction: drives a real browser and detects system state changes)
• HoneyC (low interaction: emulated client with signature matching on the responses)
Data Analysis Tool

• Honeysnap (post-processing of captured honeynet pcap data)
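The detection principle behind a high-interaction client honeypot is state differencing: snapshot the host, let a real browser visit the URL, snapshot again, and treat every change not covered by an exclusion list of normal browser behaviour as a drive-by download. The following is an added example of that logic and is not Capture-HPC's own code; the snapshots, paths and exclusion rules are constructed for the example.

```python
"""Client-honeypot detection by state differencing.

Added example; not Capture-HPC's own code. A high-interaction client honeypot
drives a real browser to a URL, then compares the host's state before and
after the visit. Every change not explained by an exclusion list of benign
browser behaviour is treated as evidence of a drive-by download. Snapshots,
paths and exclusion rules below are constructed for the example.
"""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

@dataclass(frozen=True)
class Snapshot:
    files: FrozenSet[str]       # paths present on disk
    processes: FrozenSet[str]   # image paths of running processes
    registry: FrozenSet[str]    # "HIVE\\Key\\ValueName" entries

# Changes a browser visit always produces and which must not raise an alert.
# Keep these rules tight: a rule like ".*\\AppData\\Local\\.*" would also
# hide a dropper written to AppData\Local\Temp, the classic false negative.
EXCLUSIONS: Dict[str, List[re.Pattern]] = {
    "files": [re.compile(r"^C:\\Users\\hp\\AppData\\Local\\Microsoft\\Windows\\INetCache\\[^\\]+\.(html?|js|css|png|gif|jpg)$", re.I)],
    "processes": [re.compile(r"^C:\\Program Files\\Internet Explorer\\iexplore\.exe$", re.I)],
    "registry": [re.compile(r"^HKCU\\Software\\Microsoft\\Internet Explorer\\(Main|TypedURLs)\\", re.I)],
}

def _excluded(kind: str, item: str) -> bool:
    return any(rule.search(item) for rule in EXCLUSIONS[kind])

def diff_snapshots(before: Snapshot, after: Snapshot) -> Dict[str, List[str]]:
    """Return the unexplained additions per category; an empty dict is a clean visit."""
    findings: Dict[str, List[str]] = {}
    for kind in ("files", "processes", "registry"):
        added = getattr(after, kind) - getattr(before, kind)
        unexplained = sorted(x for x in added if not _excluded(kind, x))
        if unexplained:
            findings[kind] = unexplained
    return findings

def verdict(findings: Dict[str, List[str]]) -> str:
    """Capture-HPC style rule: any unexplained state change marks the URL malicious."""
    return "malicious" if findings else "benign"

# --- constructed sample data ---------------------------------------------------
BASELINE = Snapshot(
    files=frozenset({r"C:\Windows\System32\ntdll.dll", r"C:\Users\hp\Desktop\notes.txt"}),
    processes=frozenset({r"C:\Windows\System32\services.exe", r"C:\Windows\explorer.exe"}),
    registry=frozenset({r"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page"}),
)
# After visiting a harmless page: cache writes, the browser process, a history key.
AFTER_BENIGN = Snapshot(
    files=BASELINE.files | {r"C:\Users\hp\AppData\Local\Microsoft\Windows\INetCache\index[1].htm",
                            r"C:\Users\hp\AppData\Local\Microsoft\Windows\INetCache\ads.js"},
    processes=BASELINE.processes | {r"C:\Program Files\Internet Explorer\iexplore.exe"},
    registry=BASELINE.registry | {r"HKCU\Software\Microsoft\Internet Explorer\TypedURLs\url1"},
)
# After a drive-by: the same browser noise plus a dropped executable, a new
# process started from %TEMP%, and a Run-key persistence entry.
AFTER_DRIVEBY = Snapshot(
    files=AFTER_BENIGN.files | {r"C:\Users\hp\AppData\Local\Temp\svch0st.exe"},
    processes=AFTER_BENIGN.processes | {r"C:\Users\hp\AppData\Local\Temp\svch0st.exe"},
    registry=AFTER_BENIGN.registry | {r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
)

if __name__ == "__main__":
    for name, snap in (("benign page", AFTER_BENIGN), ("drive-by page", AFTER_DRIVEBY)):
        findings = diff_snapshots(BASELINE, snap)
        print(name, "->", verdict(findings), findings)
```

The exclusion list is where such a system is won or lost: every rule added to silence a false positive is a place a dropper can hide, so rules should match specific cache directories and file types, never whole profile trees.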
Some Open Source Systems
Outline
•   Development of Honeypots
•   Status Quo of Honeypots
•   Technical Challenges
•   Exploration and Outlook
Security Threats

• DEP protects users quite well: so far no attack on Windows system
  services has been seen to bypass it.
• Overflows in static file formats (malformed documents), browser
  exploits and other client-side attacks have become the mainstream.
• This seriously undermines the basic working principle of honeypots.
Core Challenges

• A honeypot simulates a target and then waits for an attacker's
  malicious operations against it.
• The main attack channels are no longer driven by IP-level scanning,
  which makes the situation much more complicated; attacks are also
  becoming less specifically targeted at a given host.
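The "simulate a target and wait" principle above, written out as a Honeyd-style low-interaction honeypot core. This is an added example, not Honeyd's or Antiy's code: the port "personality" table, the banners and the sample probes are constructed for it, and the service emulation goes only as far as a first exchange, which is all a low-interaction honeypot offers.

```python
"""Minimal Honeyd-style low-interaction honeypot core.

Added example, not Honeyd's own code. A low-interaction honeypot does not run
the real service: it answers with a plausible banner, keeps the attacker
talking long enough to capture what they send, and emits one structured log
event per probe. The personality table, banners and sample probes are
constructed for this example.
"""
import json
import socketserver
import threading
from datetime import datetime, timezone
from typing import Dict, Tuple

# Emulated "personality": port -> (service name, greeting sent on connect).
# Banners are constructed for the example; a real deployment copies the exact
# banner of the software it pretends to be, or nmap/masscan will mark the
# host as a decoy and the attacker moves on.
PERSONALITY: Dict[int, Tuple[str, bytes]] = {
    22: ("ssh", b"SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1\r\n"),
    23: ("telnet", b"\r\nlogin: "),
    80: ("http", b""),   # an HTTP server speaks only after the request
    445: ("smb", b""),
}

def classify_probe(port: int, data: bytes) -> str:
    """Label the first bytes an attacker sends so analysts can triage the log."""
    if data.startswith(b"SSH-"):
        return "ssh-client-banner"
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"OPTIONS"):
        return "http-request"
    if len(data) >= 8 and data[4:8] == b"\xffSMB":   # NetBIOS length + SMB magic
        return "smb-negotiate"
    if port == 23 and data.strip():
        return "telnet-login-attempt"
    return "unknown"

def handle_probe(port: int, src: str, data: bytes) -> Tuple[bytes, dict]:
    """Choose the canned reply for a probe and build its log event.

    The connect-time greeting has already been sent by the server loop, so
    this only decides what to say after the attacker's first bytes.
    """
    service, _ = PERSONALITY.get(port, ("unknown", b""))
    kind = classify_probe(port, data)
    if kind == "http-request":
        body = b"<html><body>It works!</body></html>"
        header = (b"HTTP/1.1 200 OK\r\nServer: Apache/2.2.8 (Ubuntu)\r\n"
                  b"Content-Length: %d\r\nConnection: close\r\n\r\n" % len(body))
        reply = header + body
    elif kind == "telnet-login-attempt":
        reply = b"\r\nPassword: "   # keep them typing; the next read captures the password
    else:
        reply = b""                 # SSH/SMB: hold the socket silently rather than fail the handshake
    event = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "src": src,
        "dport": port,
        "service": service,
        "probe": kind,
        "first_bytes": data[:64].hex(),   # never log raw attacker bytes unescaped
    }
    return reply, event

class ProbeHandler(socketserver.BaseRequestHandler):
    """One TCP connection: greet, read the first bytes, log, reply, close."""
    def handle(self):
        port = self.server.server_address[1]
        _, greeting = PERSONALITY.get(port, ("unknown", b""))
        if greeting:
            self.request.sendall(greeting)
        self.request.settimeout(5)
        try:
            data = self.request.recv(4096)
        except OSError:                 # timeout or reset: the connection is still worth logging
            data = b""
        reply, event = handle_probe(port, self.client_address[0], data)
        if reply:
            self.request.sendall(reply)
        print(json.dumps(event))        # in production: ship to a central collector

def serve(bind: str = "0.0.0.0") -> None:
    """Listen on every emulated port in its own thread (ports below 1024 need root)."""
    for port in PERSONALITY:
        srv = socketserver.ThreadingTCPServer((bind, port), ProbeHandler)
        srv.daemon_threads = True
        threading.Thread(target=srv.serve_forever, daemon=True).start()

if __name__ == "__main__":
    serve()
    threading.Event().wait()            # run until killed
```

Note what this design captures and what it cannot: it sees only connections that arrive at its ports, so it records scanning worms and brute-force bots well, but a user lured to a malicious web page never touches it. That is exactly the limitation the slide describes, and the reason the rest of the deck turns to client honeypots and client-side reporting.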
Report All Activities

• A typical client reporting system covers: OS loader, drivers, services,
  processes, modules and IE plug-ins.
• Report large volumes of files + record how often each one is seen +
  identify as-yet-unknown malware + feed an automated analysis system
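The four steps in the bullet above form one pipeline: collect object reports from many clients, aggregate how often each hash is seen, use that prevalence plus where the object lives to pick out unknown files, and hand them to automated analysis. The following is an added example of the aggregation and triage steps; it is not the code of any of the reporting systems the deck names, and the report stream, hash tables and scoring weights are constructed for the example.

```python
"""Turning a distributed client-reporting stream into unknown-malware candidates.

Added example; not the code of any of the reporting systems named on the page.
Each endpoint reports the objects the slide lists (OS loader entries, drivers,
services, processes, modules, IE plug-ins) as one JSON line per object. The
collector aggregates by hash: a file seen on many machines or present in the
known-good table is background noise; a file seen on one or two machines, in
an autostart location, with no verdict is the candidate to pull for automated
analysis. Reports, hashes and thresholds are constructed for the example.
"""
import json
from collections import defaultdict
from typing import Dict, List, Tuple

KNOWN_GOOD = {"a" * 64}          # e.g. hash of a signed Microsoft driver
KNOWN_BAD = {"b" * 64}           # hash already in the AV signature database
AUTOSTART = {"osloader", "driver", "service", "run-key", "ie-plugin"}

# Constructed report stream: client id, where the object was found, path, sha256.
REPORTS = "\n".join(json.dumps(r) for r in [
    {"client": "c1", "location": "driver", "path": r"C:\Windows\System32\drivers\disk.sys", "sha256": "a" * 64},
    {"client": "c2", "location": "driver", "path": r"C:\Windows\System32\drivers\disk.sys", "sha256": "a" * 64},
    {"client": "c3", "location": "driver", "path": r"C:\Windows\System32\drivers\disk.sys", "sha256": "a" * 64},
    {"client": "c2", "location": "process", "path": r"C:\Users\u\AppData\Local\Temp\x.exe", "sha256": "b" * 64},
    {"client": "c1", "location": "service", "path": r"C:\Users\u\AppData\Local\Temp\svch0st.exe", "sha256": "c" * 64},
    {"client": "c1", "location": "ie-plugin", "path": r"C:\Program Files\Foo\foo.dll", "sha256": "d" * 64},
    {"client": "c3", "location": "ie-plugin", "path": r"C:\Program Files\Foo\foo.dll", "sha256": "d" * 64},
    {"client": "c4", "location": "process", "path": r"C:\Program Files\Bar\bar.exe", "sha256": "e" * 64},
    {"client": "c5", "location": "process", "path": r"D:\games\bar.exe", "sha256": "e" * 64},
    {"client": "c4", "location": "process", "path": r"C:\Program Files\Bar\bar.exe", "sha256": "e" * 64},
])

def aggregate(report_lines: str) -> Dict[str, dict]:
    """sha256 -> the distinct clients, locations and (lower-cased) paths it was reported from."""
    agg: Dict[str, dict] = defaultdict(lambda: {"clients": set(), "locations": set(), "paths": set()})
    for line in report_lines.splitlines():
        if not line.strip():
            continue
        r = json.loads(line)
        entry = agg[r["sha256"]]
        entry["clients"].add(r["client"])
        entry["locations"].add(r["location"])
        entry["paths"].add(r["path"].lower())
    return agg

def triage(agg: Dict[str, dict], rare_below: int = 3) -> List[Tuple[str, int, List[str]]]:
    """Score every hash not already known good; highest score first.

    The scoring is deliberately simple and additive so an analyst can read the
    reasons; a production system would also weigh signer, file age and type.
    """
    ranked = []
    for h, entry in agg.items():
        if h in KNOWN_GOOD:
            continue
        score, reasons = 0, []
        if h in KNOWN_BAD:
            score += 100
            reasons.append("known-bad")
        if len(entry["clients"]) < rare_below:
            score += 40
            reasons.append(f"rare: {len(entry['clients'])} client(s)")
        auto = entry["locations"] & AUTOSTART
        if auto:
            score += 30
            reasons.append("autostart: " + ",".join(sorted(auto)))
        if any("\\temp\\" in p for p in entry["paths"]):
            score += 20
            reasons.append("runs from temp dir")
        if len(entry["paths"]) > 1:
            score += 10
            reasons.append("same hash under several paths")
        if score:
            ranked.append((h, score, reasons))
    return sorted(ranked, key=lambda x: (-x[1], x[0]))

if __name__ == "__main__":
    for h, score, reasons in triage(aggregate(REPORTS)):
        print(f"{h[:12]}...  score={score:3d}  {'; '.join(reasons)}")
```

The known-bad hit comes first only to confirm the scoring; the interesting output is the unknown service binary running from a temp directory on a single machine, which is the object the deck says should be pulled into the automated analysis system before any signature exists for it.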
Representative Distributed Reporting Systems

•   ESET (NOD32) ThreatSense.Net
•   ArrectNET
•   Rising "Cloud" project
•   360safe process reporting system
Challenges

• A very large installed base of desktop security products and clients
• Real-world activity
• Zero cost for devices and hardware resources
• Zero cost for distributed computation
Outline
•   Development of Honeypots
•   Status Quo of Honeypots
•   Technical Challenges
•   Exploration and Outlook
Trend: Sample Cultivation

• Web drive-by downloads
• Why cultivate samples? Extraction is incomplete and samples change
  frequently.
• Main sources of cultivated samples
Sample Cultivation and Analysis System

• Research on automatic behavior and signature extraction: Antiy Labs,
  Peking University, Tsinghua University
• Research on automated analysis of files in large quantities: Antiy
  Labs, the National "863" Anti-Intrusion and Anti-Virus Center, South
  China Normal University
Research on automatic behavior and signature extraction

[Flow chart. Malware samples feed two pipelines.
 Static analysis (Antiy Labs): virus detection and recognition / unpacking
 by various engines on the signature extraction platform -> file signatures
 and static-analysis results; control flow graph (CFG), function call graph
 and API call sequence -> malicious behavior recognition -> families /
 categories (Peking University).
 Dynamic analysis (Peking University): application-level sandbox ->
 behavior analysis -> report on behavior analysis; network behavior ->
 network signature extraction (Tsinghua University) -> report on network
 behavior and network signatures.
 Outputs: analysis report, various information, online analysis service.]

November 5, 2012
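The "API call sequence -> malicious behavior recognition -> families / categories" branch of the flow chart, and the behavior-extraction research listed on the previous slide, can be demonstrated with call n-grams: keep the n-grams shared by every sample of a family and absent from benign traces, then assign an unknown trace to the family whose signature it covers best. The block below is an added example, not the Antiy / Peking University / Tsinghua pipeline itself; the traces are constructed for it and carry API names only.

```python
"""Behaviour-signature extraction from sandbox API traces.

Added example; it is not the Antiy / Peking University / Tsinghua pipeline in
the flow chart, only a demonstration of its "API call sequence -> malicious
behaviour recognition -> families/categories" step. For each known family we
keep the call n-grams that occur in every sample of the family and in no
benign trace; an unknown trace is assigned to the family whose signature set
it covers best. Because the signature is built from runtime behaviour, it
survives the repacking that defeats file hashes, which is the "frequent
changes" problem the page raises. All traces are constructed for the example.
"""
from typing import Dict, List, Set, Tuple

Trace = List[str]
Gram = Tuple[str, ...]

def ngrams(trace: Trace, n: int = 3) -> Set[Gram]:
    """The set of n consecutive API names in a trace (order inside the window matters)."""
    return {tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)}

def extract_signatures(families: Dict[str, List[Trace]], benign: List[Trace], n: int = 3) -> Dict[str, Set[Gram]]:
    """family -> n-grams shared by all its samples and absent from every benign trace."""
    benign_grams: Set[Gram] = set().union(*(ngrams(t, n) for t in benign))
    sigs: Dict[str, Set[Gram]] = {}
    for family, traces in families.items():
        common = set.intersection(*(ngrams(t, n) for t in traces))
        sigs[family] = common - benign_grams      # drop anything a clean program also does
    return sigs

def classify(trace: Trace, sigs: Dict[str, Set[Gram]], n: int = 3, min_coverage: float = 0.5) -> Tuple[str, float]:
    """Best-matching family and the fraction of its signature the trace covers."""
    grams = ngrams(trace, n)
    best, best_cov = "unknown", 0.0
    for family, sig in sigs.items():
        if not sig:
            continue                              # a family with an empty signature cannot match
        cov = len(grams & sig) / len(sig)
        if cov > best_cov:
            best, best_cov = family, cov
    return (best, best_cov) if best_cov >= min_coverage else ("unknown", best_cov)

# --- constructed traces (API names only; arguments omitted) -------------------
FAMILIES: Dict[str, List[Trace]] = {
    "downloader": [
        ["InternetOpenA", "InternetOpenUrlA", "InternetReadFile", "CreateFileA", "WriteFile", "CloseHandle", "CreateProcessA"],
        ["GetTempPathA", "InternetOpenA", "InternetOpenUrlA", "InternetReadFile", "CreateFileA", "WriteFile", "CloseHandle", "CreateProcessA"],
    ],
    "persistence": [
        ["CopyFileA", "RegOpenKeyExA", "RegSetValueExA", "RegCloseKey", "CreateServiceA", "StartServiceA"],
        ["CopyFileA", "RegOpenKeyExA", "RegSetValueExA", "RegCloseKey", "CreateServiceA", "StartServiceA", "ExitProcess"],
    ],
}
BENIGN: List[Trace] = [
    ["InternetOpenA", "InternetOpenUrlA", "InternetReadFile", "CloseHandle"],   # a browser fetch
    ["CreateFileA", "ReadFile", "WriteFile", "CloseHandle"],                    # an editor saving a file
]
SIGNATURES = extract_signatures(FAMILIES, BENIGN)

if __name__ == "__main__":
    for family, sig in SIGNATURES.items():
        print(family, len(sig), "signature n-grams")
    unknown = ["Sleep", "InternetOpenA", "InternetOpenUrlA", "InternetReadFile",
               "CreateFileA", "WriteFile", "CloseHandle", "CreateProcessA", "ExitProcess"]
    print(classify(unknown, SIGNATURES))
```

Subtracting the benign n-grams is what keeps "open a URL and read it" from becoming a downloader signature on its own; only the transition from network read to written file to spawned process survives. The coverage threshold is the knob between false positives and misses: a trace that reaches the registry writes but is killed before creating the service still covers half the persistence signature and is reported as such.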
Wind-catcher Plan

• The Wind-catcher plan is a non-profit honeypot deployment project
  initiated by Antiy in 2006.
• The plan has three phases:
• Wind-catcher I: improve the national basic capture infrastructure
• Wind-catcher II: cooperate with universities
• Wind-catcher III: reach individual researchers and reporting nodes
Wind-catcher I: ARM Virtual Honeypot

• Demonstration
• Circuit design
• Software system
Telecom-level Honeypot: Honey Pool

2008-07-07
Management System
Wind-catcher II: Honeypot Alliance

• Antiy cooperates with Harbin Institute of Technology, Tsinghua
  University and Wuhan University.
• Deploy 3-5 Wind-catcher II honeypots at the universities, share the
  data, and provide basic data for information-science research.
Wind-catcher III: ADSL Honeypot

• Small honeypot gateway with two network interfaces;
• Sits between the user's system and the ADSL modem.
Honeybot

• Security application of NPC;
• Simulates a valuable-looking target to attract attacks;
• Integrates with traditional systems.
Creation in Our Wake

• We appreciate your suggestions.

• seak@antiy.net

Contenu connexe

En vedette

IBOC (In Band On Channel) Technology for DIgital Radio.
IBOC (In Band On Channel) Technology for DIgital Radio.IBOC (In Band On Channel) Technology for DIgital Radio.
IBOC (In Band On Channel) Technology for DIgital Radio.Ashik Ask
 
From Push Technology to Real-Time Messaging and WebSockets
From Push Technology to Real-Time Messaging and WebSocketsFrom Push Technology to Real-Time Messaging and WebSockets
From Push Technology to Real-Time Messaging and WebSocketsAlessandro Alinone
 
Magneto optic current transformer
Magneto optic current transformerMagneto optic current transformer
Magneto optic current transformerAishwary Verma
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its typesVishal Tandel
 
Presentation on Smart Textile
Presentation on Smart TextilePresentation on Smart Textile
Presentation on Smart TextileShawan Roy
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief OverviewSILPI ROSAN
 
Honeypot seminar report
Honeypot seminar reportHoneypot seminar report
Honeypot seminar reportInder NeGi
 
fingerprint technology
fingerprint technologyfingerprint technology
fingerprint technologyVishwasJangra
 
Chipolo technical seminar for ece
Chipolo technical seminar for eceChipolo technical seminar for ece
Chipolo technical seminar for ecemanikanta1339
 
RAIN TECHNOLOGY
RAIN TECHNOLOGYRAIN TECHNOLOGY
RAIN TECHNOLOGY127r1a05h9
 
NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...
NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...
NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...KIRAN DAS VAISHNAV
 

En vedette (20)

Honeypot
HoneypotHoneypot
Honeypot
 
Honey pots
Honey potsHoney pots
Honey pots
 
Control Area Network
Control Area NetworkControl Area Network
Control Area Network
 
WIND CATCHER MAX
WIND CATCHER MAXWIND CATCHER MAX
WIND CATCHER MAX
 
IBOC (In Band On Channel) Technology for DIgital Radio.
IBOC (In Band On Channel) Technology for DIgital Radio.IBOC (In Band On Channel) Technology for DIgital Radio.
IBOC (In Band On Channel) Technology for DIgital Radio.
 
From Push Technology to Real-Time Messaging and WebSockets
From Push Technology to Real-Time Messaging and WebSocketsFrom Push Technology to Real-Time Messaging and WebSockets
From Push Technology to Real-Time Messaging and WebSockets
 
Magneto optic current transformer
Magneto optic current transformerMagneto optic current transformer
Magneto optic current transformer
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its types
 
Presentation on Smart Textile
Presentation on Smart TextilePresentation on Smart Textile
Presentation on Smart Textile
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief Overview
 
Satrack
SatrackSatrack
Satrack
 
Daknet Technology
Daknet TechnologyDaknet Technology
Daknet Technology
 
Daknet ppt
Daknet pptDaknet ppt
Daknet ppt
 
Honeypot seminar report
Honeypot seminar reportHoneypot seminar report
Honeypot seminar report
 
fingerprint technology
fingerprint technologyfingerprint technology
fingerprint technology
 
All about Honeypots & Honeynets
All about Honeypots & HoneynetsAll about Honeypots & Honeynets
All about Honeypots & Honeynets
 
Chipolo technical seminar for ece
Chipolo technical seminar for eceChipolo technical seminar for ece
Chipolo technical seminar for ece
 
RAIN TECHNOLOGY
RAIN TECHNOLOGYRAIN TECHNOLOGY
RAIN TECHNOLOGY
 
Honeypots
HoneypotsHoneypots
Honeypots
 
NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...
NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...
NATURAL VENTILATION LITERATURE AND CASE STUDY IN INDIA (DISSERTATION OF THESI...
 

Similaire à Development and Technical Challenges of Honeypot Technology

Track and Trace Solution Details
Track and Trace Solution DetailsTrack and Trace Solution Details
Track and Trace Solution DetailsPropix Technologies
 
CYBER INTELLIGENCE & RESPONSE TECHNOLOGY
CYBER INTELLIGENCE & RESPONSE TECHNOLOGYCYBER INTELLIGENCE & RESPONSE TECHNOLOGY
CYBER INTELLIGENCE & RESPONSE TECHNOLOGYjmical
 
Dependable Operation - Performance Management and Capacity Planning Under Con...
Dependable Operation - Performance Management and Capacity Planning Under Con...Dependable Operation - Performance Management and Capacity Planning Under Con...
Dependable Operation - Performance Management and Capacity Planning Under Con...Liming Zhu
 
Industrial Control Systems Cybersecurity Technology Selection
Industrial Control Systems Cybersecurity Technology SelectionIndustrial Control Systems Cybersecurity Technology Selection
Industrial Control Systems Cybersecurity Technology SelectionDragos, Inc.
 
20111104 s4 overview
20111104 s4 overview20111104 s4 overview
20111104 s4 overviewLeo Neumeyer
 
February 2010 8 Things You Cant Afford To Ignore About eDiscovery
February 2010 8 Things You Cant Afford To Ignore About eDiscoveryFebruary 2010 8 Things You Cant Afford To Ignore About eDiscovery
February 2010 8 Things You Cant Afford To Ignore About eDiscoveryJohn Wang
 
24 031030davidtillemanssecuresdlcpub-110325054740-phpapp02
24 031030davidtillemanssecuresdlcpub-110325054740-phpapp0224 031030davidtillemanssecuresdlcpub-110325054740-phpapp02
24 031030davidtillemanssecuresdlcpub-110325054740-phpapp02Smals
 
IT Vulnerability & Tools Watch 2011
IT Vulnerability & Tools Watch 2011IT Vulnerability & Tools Watch 2011
IT Vulnerability & Tools Watch 2011WASecurity
 
Siddhi: A Second Look at Complex Event Processing Implementations
Siddhi: A Second Look at Complex Event Processing ImplementationsSiddhi: A Second Look at Complex Event Processing Implementations
Siddhi: A Second Look at Complex Event Processing ImplementationsSrinath Perera
 
Network Security: Experiment of Network Health Analysis At An ISP
Network Security: Experiment of Network Health Analysis At An ISPNetwork Security: Experiment of Network Health Analysis At An ISP
Network Security: Experiment of Network Health Analysis At An ISPCSCJournals
 
ATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldAgile Testing Alliance
 
Sybase Complex Event Processing
Sybase Complex Event ProcessingSybase Complex Event Processing
Sybase Complex Event ProcessingSybase Türkiye
 
Chir F2 F Mrsa 2011 10 18
Chir F2 F Mrsa 2011 10 18Chir F2 F Mrsa 2011 10 18
Chir F2 F Mrsa 2011 10 18Brad Doebbeling
 
Scalable Computing Labs (SCL).
Scalable Computing Labs (SCL).Scalable Computing Labs (SCL).
Scalable Computing Labs (SCL).Mindtree Ltd.
 
Granatum_LiSIs_BIBE_2012_presentation_v4.0
Granatum_LiSIs_BIBE_2012_presentation_v4.0Granatum_LiSIs_BIBE_2012_presentation_v4.0
Granatum_LiSIs_BIBE_2012_presentation_v4.0Christos Kannas
 
SANS Log Management 1
SANS Log Management 1SANS Log Management 1
SANS Log Management 1laurenfortune
 
Bringing Wireless Sensing to its full potential
Bringing Wireless Sensing to its full potentialBringing Wireless Sensing to its full potential
Bringing Wireless Sensing to its full potentialAdrian Hornsby
 
Cybersecurity R&D briefing
Cybersecurity R&D briefingCybersecurity R&D briefing
Cybersecurity R&D briefingNaba Barkakati
 
Challenges in Practicing High Frequency Releases in Cloud Environments
Challenges in Practicing High Frequency Releases in Cloud Environments Challenges in Practicing High Frequency Releases in Cloud Environments
Challenges in Practicing High Frequency Releases in Cloud Environments Liming Zhu
 

Similaire à Development and Technical Challenges of Honeypot Technology (20)

Track and Trace Solution Details
Track and Trace Solution DetailsTrack and Trace Solution Details
Track and Trace Solution Details
 
CYBER INTELLIGENCE & RESPONSE TECHNOLOGY
CYBER INTELLIGENCE & RESPONSE TECHNOLOGYCYBER INTELLIGENCE & RESPONSE TECHNOLOGY
CYBER INTELLIGENCE & RESPONSE TECHNOLOGY
 
Dependable Operation - Performance Management and Capacity Planning Under Con...
Dependable Operation - Performance Management and Capacity Planning Under Con...Dependable Operation - Performance Management and Capacity Planning Under Con...
Dependable Operation - Performance Management and Capacity Planning Under Con...
 
Industrial Control Systems Cybersecurity Technology Selection
Industrial Control Systems Cybersecurity Technology SelectionIndustrial Control Systems Cybersecurity Technology Selection
Industrial Control Systems Cybersecurity Technology Selection
 
20111104 s4 overview
20111104 s4 overview20111104 s4 overview
20111104 s4 overview
 
February 2010 8 Things You Cant Afford To Ignore About eDiscovery
February 2010 8 Things You Cant Afford To Ignore About eDiscoveryFebruary 2010 8 Things You Cant Afford To Ignore About eDiscovery
February 2010 8 Things You Cant Afford To Ignore About eDiscovery
 
24 031030davidtillemanssecuresdlcpub-110325054740-phpapp02
24 031030davidtillemanssecuresdlcpub-110325054740-phpapp0224 031030davidtillemanssecuresdlcpub-110325054740-phpapp02
24 031030davidtillemanssecuresdlcpub-110325054740-phpapp02
 
IT Vulnerability & Tools Watch 2011
IT Vulnerability & Tools Watch 2011IT Vulnerability & Tools Watch 2011
IT Vulnerability & Tools Watch 2011
 
Siddhi: A Second Look at Complex Event Processing Implementations
Siddhi: A Second Look at Complex Event Processing ImplementationsSiddhi: A Second Look at Complex Event Processing Implementations
Siddhi: A Second Look at Complex Event Processing Implementations
 
Network Security: Experiment of Network Health Analysis At An ISP
Network Security: Experiment of Network Health Analysis At An ISPNetwork Security: Experiment of Network Health Analysis At An ISP
Network Security: Experiment of Network Health Analysis At An ISP
 
ATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real World
 
Sybase Complex Event Processing
Sybase Complex Event ProcessingSybase Complex Event Processing
Sybase Complex Event Processing
 
Chir F2 F Mrsa 2011 10 18
Chir F2 F Mrsa 2011 10 18Chir F2 F Mrsa 2011 10 18
Chir F2 F Mrsa 2011 10 18
 
Scalable Computing Labs (SCL).
Scalable Computing Labs (SCL).Scalable Computing Labs (SCL).
Scalable Computing Labs (SCL).
 
Granatum_LiSIs_BIBE_2012_presentation_v4.0
Granatum_LiSIs_BIBE_2012_presentation_v4.0Granatum_LiSIs_BIBE_2012_presentation_v4.0
Granatum_LiSIs_BIBE_2012_presentation_v4.0
 
SANS Log Management 1
SANS Log Management 1SANS Log Management 1
SANS Log Management 1
 
Bringing Wireless Sensing to its full potential
Bringing Wireless Sensing to its full potentialBringing Wireless Sensing to its full potential
Bringing Wireless Sensing to its full potential
 
Biz model for ion proton dna sequencer
Biz model for ion proton dna sequencerBiz model for ion proton dna sequencer
Biz model for ion proton dna sequencer
 
Cybersecurity R&D briefing
Cybersecurity R&D briefingCybersecurity R&D briefing
Cybersecurity R&D briefing
 
Challenges in Practicing High Frequency Releases in Cloud Environments
Challenges in Practicing High Frequency Releases in Cloud Environments Challenges in Practicing High Frequency Releases in Cloud Environments
Challenges in Practicing High Frequency Releases in Cloud Environments
 

Plus de Antiy Labs

Malware in Mobile Platform from Panoramic Industrial View
Malware in Mobile Platform from Panoramic Industrial ViewMalware in Mobile Platform from Panoramic Industrial View
Malware in Mobile Platform from Panoramic Industrial ViewAntiy Labs
 
Data Storage and Security Strategies of Network Identity
Data Storage and Security Strategies of Network IdentityData Storage and Security Strategies of Network Identity
Data Storage and Security Strategies of Network IdentityAntiy Labs
 
Security Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsSecurity Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsAntiy Labs
 
The Evolution Theory of Malware and Our Thought
The Evolution Theory of Malware and Our ThoughtThe Evolution Theory of Malware and Our Thought
The Evolution Theory of Malware and Our Thought Antiy Labs
 
Virus Detection System
Virus Detection SystemVirus Detection System
Virus Detection SystemAntiy Labs
 
Virus Detection Based on the Packet Flow
Virus Detection Based on the Packet FlowVirus Detection Based on the Packet Flow
Virus Detection Based on the Packet FlowAntiy Labs
 
PE Trojan Detection Based on the Assessment of Static File Features
PE Trojan Detection Based on the Assessment of Static File FeaturesPE Trojan Detection Based on the Assessment of Static File Features
PE Trojan Detection Based on the Assessment of Static File FeaturesAntiy Labs
 
Embeddable Antivirus engine with high granularity
Embeddable Antivirus engine with high granularityEmbeddable Antivirus engine with high granularity
Embeddable Antivirus engine with high granularityAntiy Labs
 

Plus de Antiy Labs (8)

Malware in Mobile Platform from Panoramic Industrial View
Malware in Mobile Platform from Panoramic Industrial ViewMalware in Mobile Platform from Panoramic Industrial View
Malware in Mobile Platform from Panoramic Industrial View
 
Data Storage and Security Strategies of Network Identity
Data Storage and Security Strategies of Network IdentityData Storage and Security Strategies of Network Identity
Data Storage and Security Strategies of Network Identity
 
Security Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsSecurity Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and Systems
 
The Evolution Theory of Malware and Our Thought
The Evolution Theory of Malware and Our ThoughtThe Evolution Theory of Malware and Our Thought
The Evolution Theory of Malware and Our Thought
 
Virus Detection System
Virus Detection SystemVirus Detection System
Virus Detection System
 
Virus Detection Based on the Packet Flow
Virus Detection Based on the Packet FlowVirus Detection Based on the Packet Flow
Virus Detection Based on the Packet Flow
 
PE Trojan Detection Based on the Assessment of Static File Features
PE Trojan Detection Based on the Assessment of Static File FeaturesPE Trojan Detection Based on the Assessment of Static File Features
PE Trojan Detection Based on the Assessment of Static File Features
 
Embeddable Antivirus engine with high granularity
Embeddable Antivirus engine with high granularityEmbeddable Antivirus engine with high granularity
Embeddable Antivirus engine with high granularity
 

Dernier

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Dernier (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Scaling API-first – The story of a global engineering organization

Development and Technical Challenges of Honeypot Technology

Security Threats
• DEP can protect users quite well. Until now there have not been any attacks targeting Windows system services that can bypass DEP.
• Static format overflows and attacks on browsers and other clients are becoming the mainstream.
• The basic working principle of honeypots is seriously threatened.

Core Challenges
• Honeypots simulate targets and then wait for attackers' malicious operations.
• The main attack vectors are no longer dominated by IP-level attacks, which makes the situation much more complicated. Attacks are becoming less specifically targeted.

Report All Activities
• Typical report system: OS loader, drivers, services, processes, modules and IE plug-ins.
• Report large quantities of files + record data frequency + determine as yet unknown malware + automatic analysis system
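How a report system of this kind turns large quantities of client reports plus recorded frequency into a queue for the automatic analysis system, as an added Python example (not Antiy's code; the hosts, hashes and known-good set are constructed):

```python
"""Toy prevalence-based triage for a distributed report system (added example).

Each client reports the objects loaded on its host (OS loader, drivers,
services, processes, modules, IE plug-ins) as (host, kind, name, hash).
The back end records on how many hosts each hash is seen; hashes that are
neither known-good nor widely seen are queued for automatic analysis.
All hosts, names, hashes and the known-good set below are constructed.
"""
from collections import defaultdict

# Constructed known-good set: hashes the vendor has already classified.
KNOWN_GOOD = {"h_kernel", "h_ntfs", "h_explorer"}

# Constructed client reports: (host, kind, name, hash).
REPORTS = [
    ("host1", "driver",   "ntfs.sys",     "h_ntfs"),
    ("host1", "process",  "explorer.exe", "h_explorer"),
    ("host1", "module",   "helper.dll",   "h_helper"),
    ("host2", "driver",   "ntfs.sys",     "h_ntfs"),
    ("host2", "module",   "helper.dll",   "h_helper"),
    ("host2", "service",  "updsvc.exe",   "h_upd_1"),
    ("host3", "driver",   "ntfs.sys",     "h_ntfs"),
    ("host3", "module",   "helper.dll",   "h_helper"),
    ("host3", "ieplugin", "toolbar.dll",  "h_tb_1"),
    ("host3", "service",  "updsvc.exe",   "h_upd_2"),  # same name, new hash
]

def prevalence(reports):
    """Number of distinct hosts on which each hash was reported."""
    hosts = defaultdict(set)
    for host, _kind, _name, h in reports:
        hosts[h].add(host)
    return {h: len(s) for h, s in hosts.items()}

def changing_names(reports):
    """Names seen with more than one hash: a sign of a frequently changing
    file, the case the deck later calls 'sample cultivation'."""
    hashes = defaultdict(set)
    for _host, _kind, name, h in reports:
        hashes[name].add(h)
    return {n: hs for n, hs in hashes.items() if len(hs) > 1}

def triage(reports, known_good=KNOWN_GOOD, min_hosts=3):
    """Hashes to hand to the automatic analysis system, rarest first.
    Unknown = not known-good and seen on fewer than min_hosts hosts;
    widely seen unknowns are left for later classification instead."""
    prev = prevalence(reports)
    return sorted((h for h in prev if h not in known_good and prev[h] < min_hosts),
                  key=lambda h: (prev[h], h))
```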
Representative Distributed Report Systems
• ESET (NOD32) ThreatSense.Net
• ArrectNET
• Rising "Cloud" Project
• 360safe process report system

Challenges
• Large quantities of desktop security products and clients
• Actual activities
• Zero cost of devices and hardware resources
• Zero cost of distributed computation

Outline
• Development of Honeypots
• Status Quo of Honeypots
• Technical Challenges
• Exploration and Outlook

Trend: Sample Cultivation
• Web drive-by download
• Why do we cultivate samples? (incomplete extraction, frequent changes)
• Main sources of sample cultivation

Sample Cultivation and Analysis System
• Research of automatic behavior and signature extraction: Antiy Labs, Peking University, Tsinghua University
• Research of automatic analysis of files in large quantities: Antiy Labs, National "863" anti-intrusion and antivirus center, South China Normal University
Research of Automatic Behavior and Signature Extraction
[Flow chart, November 5, 2012: samples enter static analysis (file recognition/unpack, signature extraction, Flow Chart (CFG), Function Call Graph; Antiy Labs, Peking University) and dynamic analysis (sandbox, API call sequence, application-level behavior analysis, network behavior and network signature extraction; Peking University, Tsinghua University), producing virus detection results from various engines, malicious behavior reports, families/categories information and network signatures.]
Wind-catcher Plan
• Wind-catcher plan: a non-profit honeypot deployment project initiated by Antiy in 2006;
• The plan contains 3 periods:
• Wind-catcher I: improve the national basic capture system
• Wind-catcher II: cooperate with universities
• Wind-catcher III: target civil researchers and report nodes

Wind-catcher I: ARM Virtual Honeypot
• Demonstration
• Circuit design
• Software system

Telecom-level Honeypot: Honey Pool (2008-07-07)

Wind-catcher II: Honeypot Alliance
• Antiy cooperates with Harbin Institute of Technology, Tsinghua University and Wuhan University.
• Deploy 3-5 Wind-catcher II honeypots in the universities, share data, and provide basic data for information science research.

Wind-catcher III: ADSL Honeypot
• Small-sized honeypot gateway with dual network cards;
• Can be placed between the user's system and the ADSL modem

Honeybot
• Security application of NPC;
• Simulate the target value, induce attacks;
• Integrate with traditional systems.

Creation in Our Wake
• We appreciate your suggestions.
• seak@antiy.net