Centre of Excellence, Artificial Intelligence and Robotics (AIR); Centre of Excellence, Cyber Security and School of Computer Science and Engineering, VIT-AP University, Amaravati, Andhra Pradesh, 522237, India.
Sci Rep. 2023 Jan 25;13(1):1437. doi: 10.1038/s41598-023-28613-0.
Discovering malicious packets amid a cloud of normal activity, whether you use an IDS or gather and analyze machine and device log files on company infrastructure, can be challenging and time consuming. The vulnerability landscape is rapidly evolving, and it will only become worse as more and more emerging technologies, such as IoT, industrial automation, CPS, digital twins, etc., are digitally connected. A honeypot makes malicious packets easy to identify once a few rapid calibrations have eliminated false positives. Besides analyzing and reporting the particular intrusion patterns or toolkits exploited, it also helps prevent access to the actual devices by simulating the genuine systems and applications running in the network, thus delaying as well as baffling the intruder. In order to analyze and evaluate the hackers' behavior, an ensemble of research honeypot detectors has been deployed in our work. This paper delivers a robust outline of the deployment of containerized honeypots; as a direct consequence, these are portable, durable, and simple to deploy and administer. The instrumented approach was monitored and generated countless data points from which significant judgments about the malicious users' activities and purpose could be inferred.
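The calibration step the abstract mentions (removing false positives before treating honeypot traffic as malicious) and the later summarisation of attacker activity can be illustrated with a small script. This is an added example, not code from the paper or its honeypot deployment: the JSON event format, the field names, the allow-listed internal scanner range and all log lines are constructed assumptions for the illustration.

```python
"""Added example (not the paper's code): calibrate honeypot events by dropping
known-benign sources, then summarise what the remaining sources did.
All data below is constructed for illustration."""
import json
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed honeypot event log, one JSON object per line. The field names
# are an assumption for this example, not a real honeypot's logging schema.
SAMPLE_EVENTS = """\
{"ts": "2023-01-10T08:00:01Z", "src": "10.0.5.20", "service": "ssh", "action": "login", "user": "monitor"}
{"ts": "2023-01-10T08:00:02Z", "src": "203.0.113.7", "service": "ssh", "action": "login", "user": "root"}
{"ts": "2023-01-10T08:00:03Z", "src": "203.0.113.7", "service": "ssh", "action": "login", "user": "admin"}
{"ts": "2023-01-10T08:00:04Z", "src": "198.51.100.9", "service": "telnet", "action": "connect", "user": null}
{"ts": "2023-01-10T08:00:05Z", "src": "10.0.5.21", "service": "http", "action": "connect", "user": null}
{"ts": "2023-01-10T08:00:06Z", "src": "203.0.113.7", "service": "http", "action": "connect", "user": null}
{"ts": "2023-01-10T08:00:07Z", "src": "198.51.100.9", "service": "telnet", "action": "login", "user": "root"}
"""

# Calibration: sources that legitimately touch the honeypot (the organisation's
# own vulnerability scanners and monitoring hosts). Left unfiltered, these are
# the classic honeypot false positives. The range is a constructed assumption.
BENIGN_SOURCES = [ip_network("10.0.5.0/24")]


def parse_events(text):
    """Parse JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_benign(src):
    """True if the source address falls inside an allow-listed benign range."""
    addr = ip_address(src)
    return any(addr in net for net in BENIGN_SOURCES)


def calibrate(events):
    """Drop events from allow-listed sources; whatever remains is suspect,
    because nothing else has a legitimate reason to reach a honeypot."""
    return [e for e in events if not is_benign(e["src"])]


def summarise(events):
    """Per-source view: event count, services probed and usernames attempted."""
    by_src = {}
    for e in events:
        s = by_src.setdefault(e["src"], {"events": 0, "services": set(), "users": Counter()})
        s["events"] += 1
        s["services"].add(e["service"])
        if e["user"]:
            s["users"][e["user"]] += 1
    return by_src


def analyse(text=SAMPLE_EVENTS):
    """Full pipeline: parse, calibrate away benign sources, summarise the rest."""
    return summarise(calibrate(parse_events(text)))


if __name__ == "__main__":
    for src, s in analyse().items():
        print(src, s["events"], sorted(s["services"]), s["users"].most_common())
```

With the constructed input, the two internal 10.0.5.x hosts disappear after calibration and only the two external sources remain, each with the services they touched and the usernames they tried; on a real deployment the allow-list would be populated from the organisation's own scanner and monitoring inventory.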