Author: Gérard Wagener
DOI:
Keywords:
Abstract: Information security communities are always talking about "attackers" or "blackhats", but in reality very little is known about their skills. The idea of studying attacker behaviors was pioneered in the early nineties. In the last decade the number of attacks has increased exponentially, and honeypots were introduced in order to gather information about attackers and to develop early-warning systems. Honeypots come in different flavors with respect to their interaction potential. A honeypot can be restrictive, but this implies only a few interactions. However, if a honeypot is tolerant, attackers can quickly achieve their goal. Choosing the best trade-off between attacker freedom and honeypot restrictions is challenging. In this dissertation, we address the issue of self-adaptive honeypots that can change their behavior and lure attackers into revealing as much information as possible about themselves. Rather than being allowed simply to carry out attacks, attackers are challenged by strategic interference from adaptive honeypots. The observation of the attackers' reactions is particularly interesting and, using derived measurable criteria, the attacker's skills and capabilities can be assessed by the honeypot operator. Attackers enter sequences of inputs on a compromised system, which is generic enough to characterize most attacker behaviors. Based on these principles, we formally model the interactions of attackers with a compromised system. The key idea is to leverage game-theoretic concepts to define the configuration and reciprocal actions of high-interaction honeypots. We have also leveraged machine learning techniques for this task and developed a honeypot that uses a variant of reinforcement learning to arrive at the best behavior when facing attackers. The honeypot is capable of adopting behavioral strategies that vary from blocking commands or returning erroneous messages, right up to insults that aim to irritate the intruder and serve as a reverse Turing Test distinguishing human attackers from machines. Our experimental results show that behavioral strategies are dependent on contextual parameters and can serve as advanced building blocks for intelligent honeypots. The knowledge obtained can be used either by the adaptive honeypots themselves or to reconfigure low-interaction honeypots.