IoT Honeynet com Emulação da Internet
Main author: | Godoy, Douglas Baptista de |
---|---|
Publication date: | 2019 |
Document type: | Dissertation |
Language: | por |
Source title: | Repositório Institucional da UFSCAR |
Full text: | https://repositorio.ufscar.br/handle/ufscar/11176 |
Abstract: | This work argues that the growth in numbers of IoT (Internet of Things) in our lives (e.g. Amazon Echo, cameras, etc.), as well as their increasing computing power, arouses the interest of hackers and, consequently, their attacks. Most of these attacks are aimed at making profits, espionage or activism. However, despite years of research and experience, we have not yet produced computer systems with enough programming safety to prevent such large-scale attacks. In general, the techniques employed are post-attack, such as attack detection and malware analysis. The tools used in this analysis can execute processes that allow you to monitor the interactions of the malware with the environment. These analyses can be of two types: (I) static analysis, which is the process of analyzing malware without executing it; (II) dynamic analysis, which executes malware in a controlled environment and monitors its interactions. Capture tools, such as honeypots and honeynets, require a controlled environment and this is the central theme of our work, focused on IoTs. Thus, we propose a honeynet architecture able to identify the attacks and interactions of the cyber attacks through its control, in that we start from the premise that such interactions are made through addresses in blacklists. In addition, the malware must be executed by a process similar to that of the IoT devices. Finally, the architecture needs to be self-sufficient and to be in a controlled environment, to ensure that its execution does not generate a real Internet attack, but replicates it by emulation. A proof of concept with software-defined networks (SDN) was developed and the results show that the architecture is self-sufficient, its environment controlled and scalable. |
Field | Value |
---|---|
Author | Godoy, Douglas Baptista de |
Author Lattes CV | http://lattes.cnpq.br/5910037024783988 |
Advisor | Senger, Hermes |
Advisor Lattes CV | http://lattes.cnpq.br/3691742159298316 |
Subjects (por) | Análise; Ataque |
Subjects (eng) | Analysis; Attacks; Honeynet; Honeypot; IoT; Malware |
CNPq subject area | CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO::SISTEMAS DE COMPUTACAO |
Date issued | 2019-02-25 |
Date accessioned | 2019-04-02T19:07:34Z |
Date available | 2019-04-02T19:07:34Z |
Type | info:eu-repo/semantics/masterThesis |
Status | info:eu-repo/semantics/publishedVersion |
Citation | GODOY, Douglas Baptista de. IoT Honeynet com Emulação da Internet. 2019. Dissertation (Master's in Computer Science) – Universidade Federal de São Carlos, São Carlos, 2019. Available at: https://repositorio.ufscar.br/handle/ufscar/11176. |
URI | https://repositorio.ufscar.br/handle/ufscar/11176 |
Language | por |
Rights | info:eu-repo/semantics/openAccess |
Funding | None received |
Publisher | Universidade Federal de São Carlos, Câmpus São Carlos |
Program | Programa de Pós-Graduação em Ciência da Computação - PPGCC |
Publisher initials | UFSCar |
Repository | Repositório Institucional da UFSCAR - Universidade Federal de São Carlos (UFSCAR) |
Files | https://repositorio.ufscar.br/bitstream/ufscar/11176/1/Dissertacao_Douglas_Godoy_Final-mesclado.pdf https://repositorio.ufscar.br/bitstream/ufscar/11176/3/license.txt https://repositorio.ufscar.br/bitstream/ufscar/11176/4/Dissertacao_Douglas_Godoy_Final-mesclado.pdf.txt https://repositorio.ufscar.br/bitstream/ufscar/11176/5/Dissertacao_Douglas_Godoy_Final-mesclado.pdf.jpg |