Honeypots (Various)

Duration

June 2002 – Now

Internal Participants

The research group has conducted experiments and research using honeypots since 2002. The research group has worldwide recognised expertise in honeypot deployment and research. The group has extensive publications in the area as well as several higher degree research completions focused on honeypot technologies and their deployment. Honeypots are a potentially invaluable tool for network reconnaissance and intelligence gathering. In addition, these technologies can be used to slow down and affect the attacker's ability to conduct denial of service attacks or disrupt a critical infrastructure's proper functioning, for instance by deception. Deception plays a vital role in honeypot design, and a thorough understanding of deception is needed to realise the full potential of this technology.

Current Projects

A framework for deception in wireless honeypots – PhD

This project is applying a framework of deception to honeypot architecture. The framework is attempting to control/predict intruder activity by integrating deception theory into the construction of the honeypot artifice.

Honeypots as a viable internal countermeasure – PhD

This research is aimed at examining the deployment of honeypots as a viable internal countermeasure to reduce or stop insider malfeasance.

mwcollect – Botnet detection

This project involves the use of the mwcollect daemon to collect information on several ADSL-based accounts to provide direct evidence of the level of attempted or potential successful compromise of computers. Currently there are 2 collectors conducting trial research, which is about to conclude; 8-12 collectors will then be deployed across the Australian IP landscape.

SCADA honeypots

This project is aimed primarily at getting extensions to honeyd functional and testing the deployment for "realism". This is being done with the aim of extending the depth of deception and increasing the viability of such honeypots.

Publications

Valli, C. (2006) A Preliminary Investigation into Malware Propagation on Australian ISP networks using the mwcollect Malware Collector daemon, Journal of Information Warfare, Vol 5 Issue 1, pp. 1 – 9

Valli, C. (2006) A Tale of Two Daemons – mwcollect, 1st Conference on Digital Forensics, Imperial Palace, Las Vegas, Nevada.

Yek, S. (2006) Investigating the accuracy of wired and wireless TCP/IP fingerprinting on honeyd. Journal of Information Warfare, 5(1), 19-32.

Yek, S. (2006) Articulating the deception of an attacker under the guise of a honeynet. Paper presented at the 6th International Network Conference, University of Plymouth, Plymouth, England, U.K.

Yek, S. (2006) The development of a framework for applied deception in a honeynet. Paper presented at the 2006 International Conference on i-Warfare and Security, University of Maryland Eastern Shore, Maryland, U.S.A.

Valli, C. (2005) Honeypot technologies and their applicability as an internal countermeasure, In 3rd Australian Computer, Information and Network Forensics Conference, School of Computer and Information Science, Edith Cowan University, Mount Lawley, Western Australia.

Yek, S. (2005) Honeypots, honeynets and honeywalls – Finding the right honey for luring the attacker, In 6th Australian Information Warfare & Security Conference, Deakin University, Geelong, Victoria. 24 – 25th November 2005

Yek, S. (2005) Blackhat Fingerprinting Of The Wired And Wireless Honeynet, In Proceedings of the 3rd Australian Computer, Network & Information Forensics Conference, School of Computer and Information Science, Edith Cowan University, Perth, Western Australia, pp. 115-125

Yek, S. (2004) Implementing network defence using deception in a wireless honeypot, 2nd Australian Computer, Information and Network Forensics Conference, Fremantle, Western Australia

Gupta, N. & Valli, C. (2003) An initial investigation into the performance of the honeyd virtual honeypot system, Proceedings of the 4th Australian Information warfare and IT Security Conference, University of South Australia, Adelaide.

Valli, C. (2003) Honeyd – A fingerprinting Artifice, In 1st Australian Computer, Information and Network Forensics Conference(Eds, Valli, C. and Warren, M.) We-BCentre.COM, Scarborough, Western Australia.

Yek, S. (2003). Measuring the effectiveness of deception in a wireless honeypot. 1st Australian Computer, Information and Network Forensics Conference, Scarborough, Western Australia
