New framework for adaptive and agile honeypots
This paper proposes a new framework for the development and deployment of honeypots for evolving malware threats. As new technological concepts appear and evolve, attack surfaces are exploited. Internet of things significantly increases the attack surface available to malware developers. Previously...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Electronics and Telecommunications Research Institute (ETRI)
2020-07-01
|
| Series: | ETRI Journal |
| Subjects: | |
| Online Access: | https://doi.org/10.4218/etrij.2019-0155 |
| id |
doaj-2727fda4c541487ca5f9baea1fe3ada1 |
|---|---|
| record_format |
Article |
| spelling |
doaj-2727fda4c541487ca5f9baea1fe3ada12021-01-05T05:20:12ZengElectronics and Telecommunications Research Institute (ETRI)ETRI Journal1225-64632020-07-0142696597510.4218/etrij.2019-015510.4218/etrij.2019-0155New framework for adaptive and agile honeypotsSeamus DowlingMichael SchukatEnda BarrettThis paper proposes a new framework for the development and deployment of honeypots for evolving malware threats. As new technological concepts appear and evolve, attack surfaces are exploited. Internet of things significantly increases the attack surface available to malware developers. Previously independent devices are becoming accessible through new hardware and software attack vectors, and the existing taxonomies governing the development and deployment of honeypots are inadequate for evolving malicious programs and their variants. Malware‐propagation and compromise methods are highly automated and repetitious. These automated and repetitive characteristics can be exploited by using embedded reinforcement learning within a honeypot. A honeypot for automated and repetitive malware (HARM) can be adaptive so that the best responses may be learnt during its interaction with attack sequences. HARM deployments can be agile through periodic policy evaluation to optimize redeployment. The necessary enhancements for adaptive, agile honeypots require a new development and deployment framework.https://doi.org/10.4218/etrij.2019-0155adaptiveagileframeworkhoneypotsreinforcement learning |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Seamus Dowling Michael Schukat Enda Barrett |
| spellingShingle |
Seamus Dowling Michael Schukat Enda Barrett New framework for adaptive and agile honeypots ETRI Journal adaptive agile framework honeypots reinforcement learning |
| author_facet |
Seamus Dowling Michael Schukat Enda Barrett |
| author_sort |
Seamus Dowling |
| title |
New framework for adaptive and agile honeypots |
| title_short |
New framework for adaptive and agile honeypots |
| title_full |
New framework for adaptive and agile honeypots |
| title_fullStr |
New framework for adaptive and agile honeypots |
| title_full_unstemmed |
New framework for adaptive and agile honeypots |
| title_sort |
new framework for adaptive and agile honeypots |
| publisher |
Electronics and Telecommunications Research Institute (ETRI) |
| series |
ETRI Journal |
| issn |
1225-6463 |
| publishDate |
2020-07-01 |
| description |
This paper proposes a new framework for the development and deployment of honeypots for evolving malware threats. As new technological concepts appear and evolve, attack surfaces are exploited. Internet of things significantly increases the attack surface available to malware developers. Previously independent devices are becoming accessible through new hardware and software attack vectors, and the existing taxonomies governing the development and deployment of honeypots are inadequate for evolving malicious programs and their variants. Malware‐propagation and compromise methods are highly automated and repetitious. These automated and repetitive characteristics can be exploited by using embedded reinforcement learning within a honeypot. A honeypot for automated and repetitive malware (HARM) can be adaptive so that the best responses may be learnt during its interaction with attack sequences. HARM deployments can be agile through periodic policy evaluation to optimize redeployment. The necessary enhancements for adaptive, agile honeypots require a new development and deployment framework. |
| topic |
adaptive agile framework honeypots reinforcement learning |
| url |
https://doi.org/10.4218/etrij.2019-0155 |
| work_keys_str_mv |
AT seamusdowling newframeworkforadaptiveandagilehoneypots AT michaelschukat newframeworkforadaptiveandagilehoneypots AT endabarrett newframeworkforadaptiveandagilehoneypots |
| _version_ |
1724348519664320512 |