Deep Down the Rabbit Hole: On References in Networks of Decoy Elements
Authors:
Daniel Reti,
Daniel Fraunholz,
Janis Zemitis,
Daniel Schneider,
Hans Dieter Schotten
Abstract:
Deception technology has proven to be a sound approach against threats to information systems. Aside from well-established honeypots, decoy elements, also known as honeytokens, are an excellent method to address various types of threats. Decoy elements are causing distraction and uncertainty to an attacker and help detecting malicious activity. Deception is meant to be complementing firewalls and…
▽ More
Deception technology has proven to be a sound approach against threats to information systems. Aside from well-established honeypots, decoy elements, also known as honeytokens, are an excellent method to address various types of threats. Decoy elements are causing distraction and uncertainty to an attacker and help detecting malicious activity. Deception is meant to be complementing firewalls and intrusion detection systems. Particularly insider threats may be mitigated with deception methods. While current approaches consider the use of multiple decoy elements as well as context-sensitivity, they do not sufficiently describe a relationship between individual elements. In this work, inter-referencing decoy elements are introduced as a plausible extension to existing deception frameworks, leading attackers along a path of decoy elements. A theoretical foundation is introduced, as well as a stochastic model and a reference implementation. It was found that the proposed system is suitable to enhance current decoy frameworks by adding a further dimension of inter-connectivity and therefore improve intrusion detection and prevention.
△ Less
Submitted 8 April, 2021;
originally announced April 2021.
Highly Scalable and Flexible Model for Effective Aggregation of Context-based Data in Generic IIoT Scenarios
Authors:
Simon Duque Anton,
Daniel Fraunholz,
Janis Zemitis,
Frederic Pohl,
Hans Dieter Schotten
Abstract:
Interconnectivity of production machines is a key feature of the Industrial Internet of Things (IIoT). This feature allows for many advantages in producing. Configuration and maintenance gets easier, as access to the given production unit is not necessarily coupled to physical presence. Customized production of goods is easily possible, reducing production times and increasing throughput. There ar…
▽ More
Interconnectivity of production machines is a key feature of the Industrial Internet of Things (IIoT). This feature allows for many advantages in producing. Configuration and maintenance gets easier, as access to the given production unit is not necessarily coupled to physical presence. Customized production of goods is easily possible, reducing production times and increasing throughput. There are, however, also dangers to the increasing talkativeness of industrial production machines. The more open a system is, the more points of entry for an attacker exist. Furthermore, the amount of data a production site also increases rapidly due to the integrated intelligence and interconnectivity. To keep track of this data in order to detect attacks and errors in the production site, it is necessary to smartly aggregate and evaluate the data. In this paper, we present a new approach for collecting, aggregating and analysing data from different sources and on three different levels of abstraction. Our model is event-centric, considering every occurrence of information inside the system as an event. In the lowest level of abstraction, singular packets are collected, correlated with log-entries and analysed. On the highest level of abstraction, networks are pictured as a connectivity graph, enriched with information about host-based activities. Furthermore, we describe our work in progress of evaluating our aggregation model on two different system settings. In the first scenario, we verify the usability of our model in a remote maintenance application. In the second scenario, we evaluate our model in the context of network sniffing and correlation with log-files. First results show that our model is a promising solution to cope with increasing amounts of data and to correlate information from different types of sources.
△ Less
Submitted 28 May, 2019;
originally announced June 2019.
