Daniel Fraunholz, Daniel Krohmer, H. Schotten, Carolina Nogueira
{"title":"介绍Falcom:一个用于工业和嵌入式应用的多功能高交互性蜜罐框架","authors":"Daniel Fraunholz, Daniel Krohmer, H. Schotten, Carolina Nogueira","doi":"10.1109/CyberSecPODS.2018.8560675","DOIUrl":null,"url":null,"abstract":"Falcom is a high-interaction honeypot that provides a full fledged operating system, maximizing its interaction with an attacker and aiming at embedded architectures. Since poorly secured embedded devices and Internet of Things applications form a profitable matrix for criminal activity, a deeper understanding of the existent risks is needed. Threat intelligence is crucial to increase the security in terms of prevention, detection and mitigation of attacks. Honeypots are a well establish technology that provide more insights about the behavior of adversaries by luring attacks into a monitored decoy. Any interaction with this decoy is suspicious and forwarded for further investigation. By analyzing the observed attack parameters it is possible to reveal recent trends, new attack vectors and ongoing intrusion attempts. Since embedded systems are the focus of the proposed honeypot, CPU architectures, as well as system resources are chosen to imitate embedded devices. In the reference implementation, the authentication mechanism is prone to brute-force and dictionary attacks.","PeriodicalId":387054,"journal":{"name":"2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)","volume":"73 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Introducing Falcom: A Multifunctional High-Interaction Honeypot Framework for Industrial and Embedded Applications\",\"authors\":\"Daniel Fraunholz, Daniel Krohmer, H. Schotten, Carolina Nogueira\",\"doi\":\"10.1109/CyberSecPODS.2018.8560675\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Falcom is a high-interaction honeypot that provides a full fledged operating system, maximizing its interaction with an attacker and aiming at embedded architectures. Since poorly secured embedded devices and Internet of Things applications form a profitable matrix for criminal activity, a deeper understanding of the existent risks is needed. Threat intelligence is crucial to increase the security in terms of prevention, detection and mitigation of attacks. Honeypots are a well establish technology that provide more insights about the behavior of adversaries by luring attacks into a monitored decoy. Any interaction with this decoy is suspicious and forwarded for further investigation. By analyzing the observed attack parameters it is possible to reveal recent trends, new attack vectors and ongoing intrusion attempts. Since embedded systems are the focus of the proposed honeypot, CPU architectures, as well as system resources are chosen to imitate embedded devices. In the reference implementation, the authentication mechanism is prone to brute-force and dictionary attacks.\",\"PeriodicalId\":387054,\"journal\":{\"name\":\"2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)\",\"volume\":\"73 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CyberSecPODS.2018.8560675\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSecPODS.2018.8560675","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Introducing Falcom: A Multifunctional High-Interaction Honeypot Framework for Industrial and Embedded Applications
Falcom is a high-interaction honeypot that provides a full fledged operating system, maximizing its interaction with an attacker and aiming at embedded architectures. Since poorly secured embedded devices and Internet of Things applications form a profitable matrix for criminal activity, a deeper understanding of the existent risks is needed. Threat intelligence is crucial to increase the security in terms of prevention, detection and mitigation of attacks. Honeypots are a well establish technology that provide more insights about the behavior of adversaries by luring attacks into a monitored decoy. Any interaction with this decoy is suspicious and forwarded for further investigation. By analyzing the observed attack parameters it is possible to reveal recent trends, new attack vectors and ongoing intrusion attempts. Since embedded systems are the focus of the proposed honeypot, CPU architectures, as well as system resources are chosen to imitate embedded devices. In the reference implementation, the authentication mechanism is prone to brute-force and dictionary attacks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
