IoT Honeynet com Emulação da Internet

Bibliographic details
Main author: Godoy, Douglas Baptista de
Publication date: 2019
Document type: Dissertation
Language: por
Source title: Repositório Institucional da UFSCAR
Full text: https://repositorio.ufscar.br/handle/ufscar/11176
Abstract: This work argues that the growth in numbers of IoT (Internet of Things) in our lives (e.g. Amazon Echo, cameras, etc.), as well as their increasing computing power, arouses the interest of hackers and, consequently, their attacks. Most of these attacks are aimed at making profits, espionage or activism. However, despite years of research and experience, we have not yet produced computer systems with enough programming safety to prevent such large-scale attacks. In general, the techniques employed are post-attack, such as attack detection and malware analysis. The tools used in this analysis can execute processes that allow you to monitor the interactions of the malware with the environment. These analyses can be of two types: (I) static analysis, which is the process of analyzing malware without executing it; (II) dynamic analysis, which executes malware in a controlled environment and monitors its interactions. Capture tools, such as honeypots and honeynets, require a controlled environment, and this is the central theme of our work, focused on IoTs. Thus, we propose a honeynet architecture able to identify the attacks and interactions of the cyber attacks through its control, in that we start from the premise that such interactions are made through addresses in blacklists. In addition, the malware must be executed by a process similar to that of the IoT devices. Finally, the architecture needs to be self-sufficient and to be in a controlled environment, to ensure that its execution does not generate a real Internet attack, but replicates it by emulation. A proof of concept with software-defined networks (SDN) was developed and the results show that the architecture is self-sufficient, its environment controlled and scalable.
dc.contributor.authorlattes.por.fl_str_mv http://lattes.cnpq.br/5910037024783988
dc.contributor.author.fl_str_mv Godoy, Douglas Baptista de
dc.contributor.advisor1.fl_str_mv Senger, Hermes
dc.contributor.advisor1Lattes.fl_str_mv http://lattes.cnpq.br/3691742159298316
dc.contributor.authorID.fl_str_mv 396a7dbc-b016-4ec9-b1ef-a641745ce708
dc.subject.por.fl_str_mv Análise
Ataque
dc.subject.eng.fl_str_mv Analysis
Attacks
Honeynet
Honeypot
IoT
Malware
dc.subject.cnpq.fl_str_mv CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO::SISTEMAS DE COMPUTACAO
dc.date.accessioned.fl_str_mv 2019-04-02T19:07:34Z
dc.date.available.fl_str_mv 2019-04-02T19:07:34Z
dc.date.issued.fl_str_mv 2019-02-25
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
dc.identifier.citation.fl_str_mv GODOY, Douglas Baptista de. IoT Honeynet com Emulação da Internet. 2019. Dissertação (Mestrado em Ciência da Computação) – Universidade Federal de São Carlos, São Carlos, 2019. Disponível em: https://repositorio.ufscar.br/handle/ufscar/11176.
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
dc.publisher.none.fl_str_mv Universidade Federal de São Carlos
Câmpus São Carlos
dc.publisher.program.fl_str_mv Programa de Pós-Graduação em Ciência da Computação - PPGCC
dc.publisher.initials.fl_str_mv UFSCar
bitstream.url.fl_str_mv https://repositorio.ufscar.br/bitstream/ufscar/11176/1/Dissertacao_Douglas_Godoy_Final-mesclado.pdf