Master's Dissertation

Honeypots in Active Defense: A Tactical Approach to Cyber Threat Intelligence and Deception

Diogo Fontinha Braz, 2024

Key information

Authors:

Diogo Fontinha Braz

Advisors:

Pedro Miguel dos Santos Alves Madeira Adão; Fernando Mira da Silva (Fernando Henrique Côrte-Real Mira da Silva)

Published on

12/11/2024

Abstract

As cyber threats continue to evolve, understanding how attackers operate and identifying their tactics are essential for enhancing security mechanisms. Honeypots, designed to simulate vulnerable systems and attract attackers, provide valuable insights into malicious activities. However, many publicly available honeypots are easily detectable, reducing their effectiveness. To address these issues, this thesis introduces the development of a web-based honeypot designed with several key objectives: ease of deployment with minimal configuration, maximized attack data collection, safeguards to prevent becoming an attack vector, minimal maintenance requirements, and adherence to ethical and legal standards. The proposed honeypot stands out due to its ease of scalability, adaptability to changing traffic patterns, and ability to capture extensive attack data while maintaining operational security. The honeypot is designed to remain lightweight yet robust, with built-in mechanisms to prevent detection and reduce the risk of misuse by attackers. Additionally, its modular architecture facilitates seamless integration with various network environments, offering flexibility and resilience in monitoring and analyzing malicious activities. Following its development, the honeypot was deployed and made publicly accessible for one month. During this period, it recorded 9,179 malicious requests from 806 unique IP addresses. The data collected provided valuable insights into the objectives and methodologies of attackers. Upon evaluation, the honeypot successfully achieved all predefined objectives, demonstrating its effectiveness and contribution to the field.

Publication details

Community authors:

Scientific Domain (FOS)

electrical-engineering-electronic-engineering-information-engineering - Electrical, Electronic and Information Engineering

Publication language (ISO code)

eng - English

Access to publication:

Embargoed Access

Embargo end date:

11/09/2025

Institution name

Instituto Superior Técnico