In Singapore’s evolving cyber landscape, 96% of organisations have suffered at least one cyber attack and 95% of organisations have reported more sophisticated attacks within the span of one year, according to a 2019 report[1] by Carbon Black. As such, more tools must be utilised to counter increasingly refined attacks performed by malicious actors. Honeypots are effective tools for studying and mitigating these attacks. They work as decoy systems, typically deployed alongside real systems to capture and log the activities of the attacker. These systems are useful as they can actively detect potential attacks, help cybersecurity specialists study an attacker’s tactics and even misdirect attackers from their intended targets.

Honeypots can be classified into two main categories:

1. Low-interaction honeypots merely emulate network services and internet protocols, allowing for limited interaction with the attacker.
2. High-interaction honeypots emulate operating systems, allowing for much more interaction with the attacker.

Although honeypots are powerful tools, their value diminishes when their true identity is uncovered by attackers. This is especially so as attackers become more skilled, using system fingerprinting or analysis of network traffic from targets, which hinders honeypots from capturing more experienced attackers. While substantial research has been done to defend against system fingerprinting scans (see 1.1 Related Work), not much has been done to defend against network traffic analysis. As pointed out by Symantec[2][3], when attackers attempt to sniff the network traffic of the system in question, the lack of network traffic raises a red flag, increasing the likelihood of the honeypot’s true identity being discovered. In addition, since the main concern in honeypot deployment is the ability to attract and engage attackers for a substantial period of time, an increased ability to interest malicious actors is invaluable.
Producing human-like network activity on a honeypot would appeal to more malicious actors. Hence, this research aims to build an intelligent web-surfer which can learn and thus simulate human web-surfing behaviour, creating evidence of human network activity that disguises honeypots as production systems and lures in more attackers interested in packet sniffing for malicious purposes.