IoT Honeynet with Internet Emulation

Bibliographic details
Year of defense: 2019
Main author: Godoy, Douglas Baptista de
Advisor: Senger, Hermes
Defense committee: Not provided by the institution
Document type: Dissertation
Access type: Open access
Language: por
Institution of defense: Universidade Federal de São Carlos
São Carlos Campus
Graduate program: Programa de Pós-Graduação em Ciência da Computação - PPGCC
Department: Not provided by the institution
Country: Not provided by the institution
Keywords in Portuguese:
Keywords in English:
IoT
CNPq knowledge area:
Access link: https://repositorio.ufscar.br/handle/20.500.14289/11176
Abstract: This work argues that the growth in numbers of IoT (Internet of Things) in our lives (e.g., Amazon Echo, cameras, etc.), as well as their increasing computing power, arouses the interest of hackers and, consequently, their attacks. Most of these attacks are aimed at making profits, espionage or activism. However, despite years of research and experience, we have not yet produced computer systems with enough programming safety to prevent such large-scale attacks. In general, the techniques employed are post-attack, such as attack detection and malware analysis. The tools used in this analysis can execute processes that allow you to monitor the interactions of the malware with the environment. These analyses can be of two types: (I) static analysis, which is the process of analyzing malware without executing it; (II) dynamic analysis, which executes malware in a controlled environment and monitors its interactions. Capture tools, such as honeypots and honeynets, require a controlled environment and this is the central theme of our work, focused on IoTs. Thus, we propose a honeynet architecture able to identify the attacks and interactions of the cyber attacks through its control, in that we start from the premise that such interactions are made through addresses in blacklists. In addition, the malware must be executed by a process similar to that of the IoT devices. Finally, the architecture needs to be self-sufficient and to be in a controlled environment, to ensure that its execution does not generate a real Internet attack, but replicates it by emulation. A proof of concept with software-defined networks (SDN) was developed and the results show that the architecture is self-sufficient, its environment controlled and scalable.