Show simple item record

dc.contributor.advisorSchukat, Michael
dc.contributor.advisorBarrett, Enda
dc.contributor.authorDowling, Seamus
dc.date.accessioned2020-03-03T08:37:01Z
dc.date.available2020-03-03T08:37:01Z
dc.date.issued2020-01-13
dc.identifier.urihttp://hdl.handle.net/10379/15832
dc.description.abstractAs new technological concepts appear and evolve, cyberattack surfaces and vectors are exploited. Every Internet facing device or service is vulnerable from the untrusted external Internet. Previously standalone devices are accessible through new hardware and software attack vectors. Internet of things significantly increases the attack surface available to malware developers. Malware methods of propagation and compromise are highly automated and highly repetitious. To react to new changes in malware evolution, cybersecurity measures must evolve also. One such tool traditionally used for retrospective analysis is a honeypot. Honeypots facilitate attack interaction with scripted responses to attack command streams. Global honeynets capture large scale datasets which are useful for longitudinal analysis of malware methods. Standard honeypots are deployed for long periods and capture datasets comprising of automated and repetitive attacks. If the honeypot encounters an attack command it cannot process, then the attack terminates. A Honeypot for Automated and Repetitive Malware (HARM) can use reinforcement learning, to learn the best responses when interacting with attack sequences. The actual characteristics of malware, automation and repetition, can be exploited using embedded reinforcement learning within the honeypot. This adaptive ability allows honeypots to prolong interaction, realise attack sequences faster and conceal its functionality from dedicated honeypot detection tools and methods. The agility of HARM’s functionality can be further enhanced by periodically evaluating its performance to optimise further deployments targeting immediate threats. The cyclic method of development, deployment and optimisation improves honeypot operations and requires a new framework for adaptive and agile honeypots.en_IE
dc.publisherNUI Galway
dc.subjectReinforcement Learningen_IE
dc.subjectHoneypotsen_IE
dc.subjectAdaptiveen_IE
dc.subjectAgileen_IE
dc.subjectFrameworken_IE
dc.subjectEngineering and Informaticsen_IE
dc.subjectInformation technologyen_IE
dc.subjectComputer scienceen_IE
dc.titleA new framework for adaptive and agile honeypotsen_IE
dc.typeThesisen
dc.local.noteThis work incorporates reinforcement learning into honeypot functionality to learn the best responses to malware interactions. In doing so the honeypot uses the automated and repetitive nature of malware to prolong interactions and capture more meaningful data in a shorter timeframe.en_IE
dc.local.finalYesen_IE
nui.item.downloads445


Files in this item

Attribution-NonCommercial-NoDerivs 3.0 Ireland
This item is available under the Attribution-NonCommercial-NoDerivs 3.0 Ireland. No item may be reproduced for commercial purposes. Please refer to the publisher's URL where this is made available, or to notes contained in the item itself. Other terms may apply.

The following license files are associated with this item:

Thumbnail

This item appears in the following Collection(s)

Show simple item record