Blind Attack Flaws in Adaptive Honeypot Strategies

2021 IEEE World AI IoT Congress (AIIoT) Pub Date : 2021-05-10 DOI:10.1109/AIIoT52608.2021.9454206

Muath A. Obaidat, Joseph Brown, Awny Alnusair

{"title":"Blind Attack Flaws in Adaptive Honeypot Strategies","authors":"Muath A. Obaidat, Joseph Brown, Awny Alnusair","doi":"10.1109/AIIoT52608.2021.9454206","DOIUrl":null,"url":null,"abstract":"Adaptive honeypots are being widely proposed as a more powerful alternative to the traditional honeypot model. Just as with typical honeypots, however, one of the most important concerns of an adaptive honeypot is environment deception in order to make sure an adversary cannot fingerprint the honeypot. The threat of fingerprinting hints at a greater underlying concern, however; this being that honeypots are only effective because an adversary does not know that the environment on which they are operating is a honeypot. What has not been widely discussed in the context of adaptive honeypots is that they actually have an inherently increased level of susceptibility to this threat. Honeypots not only bear increased risks when an adversary knows they are a honeypot rather than a native system, but they are only effective as adaptable entities if one does not know that the honeypot environment they are operating on is adaptive as wekk. Thus, if adaptive honeypots become commonplace - or, instead, if attackers even have an inkling that an adaptive honeypot may exist on any given network, a new attack which could develop is a “blind confusion attack”; a form of connection which simply makes an assumption all environments are adaptive honeypots, and instead of attempting to perform a malicious strike on a given entity, opts to perform non-malicious behavior in specified and/or random patterns to confuse an adaptive network's learning.","PeriodicalId":443405,"journal":{"name":"2021 IEEE World AI IoT Congress (AIIoT)","volume":"81 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE World AI IoT Congress (AIIoT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AIIoT52608.2021.9454206","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Adaptive honeypots are being widely proposed as a more powerful alternative to the traditional honeypot model. Just as with typical honeypots, however, one of the most important concerns of an adaptive honeypot is environment deception in order to make sure an adversary cannot fingerprint the honeypot. The threat of fingerprinting hints at a greater underlying concern, however; this being that honeypots are only effective because an adversary does not know that the environment on which they are operating is a honeypot. What has not been widely discussed in the context of adaptive honeypots is that they actually have an inherently increased level of susceptibility to this threat. Honeypots not only bear increased risks when an adversary knows they are a honeypot rather than a native system, but they are only effective as adaptable entities if one does not know that the honeypot environment they are operating on is adaptive as wekk. Thus, if adaptive honeypots become commonplace - or, instead, if attackers even have an inkling that an adaptive honeypot may exist on any given network, a new attack which could develop is a “blind confusion attack”; a form of connection which simply makes an assumption all environments are adaptive honeypots, and instead of attempting to perform a malicious strike on a given entity, opts to perform non-malicious behavior in specified and/or random patterns to confuse an adaptive network's learning.

查看原文本刊更多论文

自适应蜜罐策略中的盲攻击缺陷

自适应蜜罐作为传统蜜罐模型的一种更强大的替代方案被广泛提出。然而，就像典型的蜜罐一样，自适应蜜罐最重要的问题之一是环境欺骗，以确保对手无法对蜜罐进行指纹识别。然而，指纹识别的威胁暗示了一个更大的潜在担忧;也就是说，蜜罐之所以有效，是因为对手不知道他们所处的环境就是一个蜜罐。在适应性蜜罐的背景下，没有被广泛讨论的是，它们实际上对这种威胁具有固有的更高的易感性。当攻击者知道它们是一个蜜罐而不是一个本地系统时，蜜罐不仅会承担更大的风险，而且只有当人们不知道它们所操作的蜜罐环境具有较弱的适应性时，它们才会作为适应性实体有效。因此，如果自适应蜜罐变得司空见惯——或者，相反，如果攻击者甚至有迹象表明自适应蜜罐可能存在于任何给定的网络中，一种新的攻击可能会发展为“盲混淆攻击”;一种连接形式，它简单地假设所有环境都是自适应蜜罐，而不是试图对给定实体执行恶意攻击，而是选择在指定和/或随机模式下执行非恶意行为，以混淆自适应网络的学习。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 IEEE World AI IoT Congress (AIIoT)

自引率

0.00%

发文量