Short name: AdaHon
Long name: Distributed Adaptive Honeypot for Classification of Attacker Profiles
Company: University of Ljubljana | uni-lj.si
Call: F4Fp-05-L (see call details)
Proposal number: F4Fp-05-L02
SUMMARY REMARKS & TESTBEDS
Threat assessment and cyber-attack profiling are increasingly important in the modern world of Internet-connected computers, things and people, where cyber-dependency has become a prominent phenomenon and hacking expertise is readily available in open-source repositories. Active and passive targets, such as honeypots and internet black holes, are instrumental for providing active defence and rapid incident response mechanisms by assessing the threat level and modus operandi of the detected intrusions. However, despite fast-paced advances in the field, designing efficient adaptive behaviour for a honeypot with intelligent interaction capabilities remains a considerable challenge. There is also a pressing shortage of openly accessible repositories of comprehensive, representative and up-to-date volumes of attack data and profiling resources to support advanced cybersecurity research.
In this experiment we want to deploy and validate a distributed network of adaptive honeypots:
- to gain comprehensive and up-to-date insights into attacker profiles and the modern (2019) landscape of hacking tools, and make this knowledge openly available, and
- to experiment with improved attacker profiling algorithms and unassisted learning techniques to support intelligent adaptivity of the honeypots, which can be used in modern deception technology to make it more attractive to attackers and to avoid, or prolong the time before, detection during an attack.
The experiment leverages two Fed4FIRE+ testbeds: PlanetLab Europe, to deploy a network of geographically distributed honeypots and collect large volumes of attack data, and TENGU, for its big data storage and analytics resources, to implement attacker profiling and honeypot adaptation algorithms.
AdaHon extends the Fed4FIRE+ experimentation portfolio into a high-profile cybersecurity innovation domain and represents an important element of UL’s long-term strategy to scale their current experimentation environment and, in the long run, set up an open and sustainable cybersecurity innovation facility in Europe.