Honeypots (Various)

Duration

June 2002 – Now

Internal Participants

The research group has conducted experiments and research using honeypots since 2002 and has worldwide recognised expertise in honeypot deployment and research. The group has published extensively in the area and has several higher degree research completions focused on honeypot technologies and their deployment. Honeypots are a potentially invaluable tool for network reconnaissance and intelligence gathering. In addition, these technologies can be used, for instance by deception, to slow down and affect the attacker's ability to conduct denial of service attacks or disrupt a critical infrastructure's proper functioning. Deception plays a vital role in honeypot design, and a thorough understanding of deception is needed to realise the full potential of this technology.

Current Projects

A framework for deception in wireless honeypots – PhD

This project is applying a framework of deception to honeypot architecture. The framework is attempting to control/predict intruder activity by integrating deception theory into the construction of the honeypot artifice.

Honeypots as a viable internal countermeasure – PhD

This research is aimed at examining the deployment of honeypots as a viable internal countermeasure to reduce or stop insider malfeasance.

mwcollect – Botnet detection

This project involves the use of the mwcollect daemon to collect information on several ADSL-based accounts to provide direct evidence of the level of attempted or potential successful compromise of computers. Currently there are 2 collectors conducting trial research, which is about to conclude; 8-12 collectors will then be deployed across the Australian IP landscape.

SCADA honeypots

This project is aimed primarily at getting extensions to honeyd functional and testing the deployment for "realism". This is being done with the aim of extending the depth of deception and increasing the viability of such honeypots.

Publications

Valli, C. (2006) A Preliminary Investigation into Malware Propagation on Australian ISP networks using the mwcollect Malware Collector daemon, Journal of Information Warfare, Vol 5 Issue 1, pp. 1 – 9

Valli, C. (2006) A Tale of Two Daemons – mwcollect, 1st Conference on Digital Forensics, Imperial Palace, Las Vegas, Nevada.

Yek, S. (2006) Investigating the accuracy of wired and wireless TCP/IP fingerprinting on honeyd. Journal of Information Warfare, 5(1), 19-32.

Yek, S. (2006) Articulating the deception of an attacker under the guise of a honeynet. Paper presented at the 6th International Network Conference, University of Plymouth, Plymouth, England, U.K.

Yek, S. (2006) The development of a framework for applied deception in a honeynet. Paper presented at the 2006 International Conference on i-Warfare and Security, University of Maryland Eastern Shore, Maryland, U.S.A.

Valli, C. (2005) Honeypot technologies and their applicability as an internal countermeasure, In 3rd Australian Computer, Information and Network Forensics Conference, School of Computer and Information Science, Edith Cowan University, Mount Lawley, Western Australia.

Yek, S. (2005) Honeypots, honeynets and honeywalls – Finding the right honey for luring the attacker, In 6th Australian Information Warfare & Security Conference, Deakin University, Geelong, Victoria. 24 – 25th November 2005

Yek, S. (2005) Blackhat Fingerprinting Of The Wired And Wireless Honeynet, In Proceedings of the 3rd Australian Computer, Network & Information Forensics Conference, School of Computer and Information Science, Edith Cowan University, Perth, Western Australia pp. 115-125

Yek, S. (2004) Implementing network defence using deception in a wireless honeypot, 2nd Australian Computer, Information and Network Forensics Conference, Fremantle, Western Australia

Gupta, N. & Valli, C. (2003) An initial investigation into the performance of the honeyd virtual honeypot system, Proceedings of the 4th Australian Information warfare and IT Security Conference, University of South Australia, Adelaide.

Valli, C. (2003) Honeyd – A fingerprinting Artifice, In 1st Australian Computer, Information and Network Forensics Conference(Eds, Valli, C. and Warren, M.) We-BCentre.COM, Scarborough, Western Australia.

Yek, S. (2003). Measuring the effectiveness of deception in a wireless honeypot. 1st Australian Computer, Information and Network Forensics Conference, Scarborough, Western Australia


Latest News

ANZFSS (Sydney) and World Computer Congress (Brisbane)

September 3rd, 2010

secau Security Research Centre are attending the Australian New Zealand Forensic Science Symposium (ANZFSS) in Sydney and the World Computer Congress (WCC 2010) in Brisbane. We have secured exhibition stands at each event; if you are in the area, come and visit us. Details below:
ANZFSS – 5-9 September, 2010
Sydney Convention and Exhibition Centre, Darling Harbour
secau are at stand [...]

Know Your Online Terrorist: the top ten ways to find radical elements whilst sipping a latte

September 3rd, 2010

This session looks at websites, social media and chat rooms as pathways to finding people and products that lead to radicalisation. From terrorist organizations to sporting fan clubs, (and everything in between) this presentation looks at the ease with which anybody can make a connection to anybody – and how you might not easily know [...]