The Experts below are selected from a list of 21 Experts worldwide ranked by ideXlab platform
Elovici Yuval - One of the best experts on this subject based on the ideXlab platform.
-
Detection of Threats to IoT Devices using Scalable VPN-forwarded Honeypots
2019Co-Authors: Tambe Amit, Aung, Yan Lin, Sridharan Ragav, Ochoa Martin, Tippenhauer, Nils Ole, Shabtai Asaf, Elovici YuvalAbstract:Attacks on Internet of Things (IoT) devices, exploiting inherent vulnerabilities, have intensified over the last few years. Recent large-scale attacks, such as Persirai, Hakai, etc. corroborate concerns about the security of IoT devices. In this work, we propose an approach that allows easy integration of commercial off-the-shelf IoT devices into a general honeypot architecture. Our approach projects a small number of heterogeneous IoT devices (that are physically at one location) as many (geographically distributed) devices on the Internet, using Connections to commercial and private VPN services. The goal is for those devices to be discovered and exploited by attacks on the Internet, thereby revealing unknown vulnerabilities. For detection and examination of potentially malicious traffic, we devise two analysis strategies: (1) given an Outbound Connection from honeypot, backtrack into network traffic to detect the corresponding attack command that caused the malicious Connection and use it to download malware, (2) perform live detection of unseen URLs from HTTP requests using adaptive clustering. We show that our implementation and analysis strategies are able to detect recent large-scale attacks targeting IoT devices (IoT Reaper, Hakai, etc.) with overall low cost and maintenance effort
-
Detection of threats to IoT devices using scalable VPN-forwarded honeypots
'Association for Computing Machinery (ACM)', 2019Co-Authors: Tambe Amit, Aung, Yan Lin, Sridharan Ragav, Ochoa Martin, Tippenhauer, Nils Ole, Shabtai Asaf, Elovici YuvalAbstract:Attacks on Internet of Things (IoT) devices, exploiting inherent vulnerabilities, have intensified over the last few years. Recent large-scale attacks, such as Persirai, Hakai, etc. corroborate concerns about the security of IoT devices. In this work, we propose an approach that allows easy integration of commercial off-the-shelf IoT devices into a general honeypot architecture. Our approach projects a small number of heterogeneous IoT devices (that are physically at one location) as many (geographically distributed) devices on the Internet, using Connections to commercial and private VPN services. The goal is for those devices to be discovered and exploited by attacks on the Internet, thereby revealing unknown vulnerabilities. For detection and examination of potentially malicious traffic, we devise two analysis strategies: (1) given an Outbound Connection from honeypot, backtrack into network traffic to detect the corresponding attack command that caused the malicious Connection and use it to download malware, (2) perform live detection of unseen URLs from HTTP requests using adaptive clustering. We show that our implementation and analysis strategies are able to detect recent large-scale attacks targeting IoT devices (IoT Reaper, Hakai, etc.) with overall low cost and maintenance effort.Peer reviewe
Motonori Nakamura - One of the best experts on this subject based on the ideXlab platform.
-
an optimal route selection mechanism for Outbound Connection on ipv6 site multihoming environment
Computer Software and Applications Conference, 2013Co-Authors: Takuya Yamaguchi, Yong Jin, Nariyoshi Yamai, Kiyohiko Okayama, Koki Okamoto, Motonori NakamuraAbstract:Recently, the Internet is widely used as a social basis and is not only providing many kinds of services but also offering these at high speed with high reliability. As one method for such a demand, multihoming technique, by which the inside network is connected with two or more ISPs (Internet Service Providers) and can use them properly according to network condition, attracts attention. In IPv6 site multihoming environment, multiple IP addresses are usually assigned to each host in the site. However, when a packet is sent from an inside node to outside, the packet has to go through a proper site-exit router in order to avoid ingress filtering. Therefore, especially, when communicating on the Outbound Connection initiated on an inside node, it is impossible to select a proper site-exit router since the source IP address is selected before initiating a Connection. To solve this problem, we propose a route selection method for Outbound Connections. This method introduces a middleware into each inside node to establish a Connection via each site-exit router simultaneously and then uses the first established Connection. This middleware also introduces a kind of Network Address Translation (NAT) function to avoid ingress filtering. According to simulation experiments, we confirmed that the proposed method can select proper routes.
Tambe Amit - One of the best experts on this subject based on the ideXlab platform.
-
Detection of Threats to IoT Devices using Scalable VPN-forwarded Honeypots
2019Co-Authors: Tambe Amit, Aung, Yan Lin, Sridharan Ragav, Ochoa Martin, Tippenhauer, Nils Ole, Shabtai Asaf, Elovici YuvalAbstract:Attacks on Internet of Things (IoT) devices, exploiting inherent vulnerabilities, have intensified over the last few years. Recent large-scale attacks, such as Persirai, Hakai, etc. corroborate concerns about the security of IoT devices. In this work, we propose an approach that allows easy integration of commercial off-the-shelf IoT devices into a general honeypot architecture. Our approach projects a small number of heterogeneous IoT devices (that are physically at one location) as many (geographically distributed) devices on the Internet, using Connections to commercial and private VPN services. The goal is for those devices to be discovered and exploited by attacks on the Internet, thereby revealing unknown vulnerabilities. For detection and examination of potentially malicious traffic, we devise two analysis strategies: (1) given an Outbound Connection from honeypot, backtrack into network traffic to detect the corresponding attack command that caused the malicious Connection and use it to download malware, (2) perform live detection of unseen URLs from HTTP requests using adaptive clustering. We show that our implementation and analysis strategies are able to detect recent large-scale attacks targeting IoT devices (IoT Reaper, Hakai, etc.) with overall low cost and maintenance effort
-
Detection of threats to IoT devices using scalable VPN-forwarded honeypots
'Association for Computing Machinery (ACM)', 2019Co-Authors: Tambe Amit, Aung, Yan Lin, Sridharan Ragav, Ochoa Martin, Tippenhauer, Nils Ole, Shabtai Asaf, Elovici YuvalAbstract:Attacks on Internet of Things (IoT) devices, exploiting inherent vulnerabilities, have intensified over the last few years. Recent large-scale attacks, such as Persirai, Hakai, etc. corroborate concerns about the security of IoT devices. In this work, we propose an approach that allows easy integration of commercial off-the-shelf IoT devices into a general honeypot architecture. Our approach projects a small number of heterogeneous IoT devices (that are physically at one location) as many (geographically distributed) devices on the Internet, using Connections to commercial and private VPN services. The goal is for those devices to be discovered and exploited by attacks on the Internet, thereby revealing unknown vulnerabilities. For detection and examination of potentially malicious traffic, we devise two analysis strategies: (1) given an Outbound Connection from honeypot, backtrack into network traffic to detect the corresponding attack command that caused the malicious Connection and use it to download malware, (2) perform live detection of unseen URLs from HTTP requests using adaptive clustering. We show that our implementation and analysis strategies are able to detect recent large-scale attacks targeting IoT devices (IoT Reaper, Hakai, etc.) with overall low cost and maintenance effort.Peer reviewe
Aung, Yan Lin - One of the best experts on this subject based on the ideXlab platform.
-
Detection of Threats to IoT Devices using Scalable VPN-forwarded Honeypots
2019Co-Authors: Tambe Amit, Aung, Yan Lin, Sridharan Ragav, Ochoa Martin, Tippenhauer, Nils Ole, Shabtai Asaf, Elovici YuvalAbstract:Attacks on Internet of Things (IoT) devices, exploiting inherent vulnerabilities, have intensified over the last few years. Recent large-scale attacks, such as Persirai, Hakai, etc. corroborate concerns about the security of IoT devices. In this work, we propose an approach that allows easy integration of commercial off-the-shelf IoT devices into a general honeypot architecture. Our approach projects a small number of heterogeneous IoT devices (that are physically at one location) as many (geographically distributed) devices on the Internet, using Connections to commercial and private VPN services. The goal is for those devices to be discovered and exploited by attacks on the Internet, thereby revealing unknown vulnerabilities. For detection and examination of potentially malicious traffic, we devise two analysis strategies: (1) given an Outbound Connection from honeypot, backtrack into network traffic to detect the corresponding attack command that caused the malicious Connection and use it to download malware, (2) perform live detection of unseen URLs from HTTP requests using adaptive clustering. We show that our implementation and analysis strategies are able to detect recent large-scale attacks targeting IoT devices (IoT Reaper, Hakai, etc.) with overall low cost and maintenance effort
-
Detection of threats to IoT devices using scalable VPN-forwarded honeypots
'Association for Computing Machinery (ACM)', 2019Co-Authors: Tambe Amit, Aung, Yan Lin, Sridharan Ragav, Ochoa Martin, Tippenhauer, Nils Ole, Shabtai Asaf, Elovici YuvalAbstract:Attacks on Internet of Things (IoT) devices, exploiting inherent vulnerabilities, have intensified over the last few years. Recent large-scale attacks, such as Persirai, Hakai, etc. corroborate concerns about the security of IoT devices. In this work, we propose an approach that allows easy integration of commercial off-the-shelf IoT devices into a general honeypot architecture. Our approach projects a small number of heterogeneous IoT devices (that are physically at one location) as many (geographically distributed) devices on the Internet, using Connections to commercial and private VPN services. The goal is for those devices to be discovered and exploited by attacks on the Internet, thereby revealing unknown vulnerabilities. For detection and examination of potentially malicious traffic, we devise two analysis strategies: (1) given an Outbound Connection from honeypot, backtrack into network traffic to detect the corresponding attack command that caused the malicious Connection and use it to download malware, (2) perform live detection of unseen URLs from HTTP requests using adaptive clustering. We show that our implementation and analysis strategies are able to detect recent large-scale attacks targeting IoT devices (IoT Reaper, Hakai, etc.) with overall low cost and maintenance effort.Peer reviewe
Sridharan Ragav - One of the best experts on this subject based on the ideXlab platform.
-
Detection of Threats to IoT Devices using Scalable VPN-forwarded Honeypots
2019Co-Authors: Tambe Amit, Aung, Yan Lin, Sridharan Ragav, Ochoa Martin, Tippenhauer, Nils Ole, Shabtai Asaf, Elovici YuvalAbstract:Attacks on Internet of Things (IoT) devices, exploiting inherent vulnerabilities, have intensified over the last few years. Recent large-scale attacks, such as Persirai, Hakai, etc. corroborate concerns about the security of IoT devices. In this work, we propose an approach that allows easy integration of commercial off-the-shelf IoT devices into a general honeypot architecture. Our approach projects a small number of heterogeneous IoT devices (that are physically at one location) as many (geographically distributed) devices on the Internet, using Connections to commercial and private VPN services. The goal is for those devices to be discovered and exploited by attacks on the Internet, thereby revealing unknown vulnerabilities. For detection and examination of potentially malicious traffic, we devise two analysis strategies: (1) given an Outbound Connection from honeypot, backtrack into network traffic to detect the corresponding attack command that caused the malicious Connection and use it to download malware, (2) perform live detection of unseen URLs from HTTP requests using adaptive clustering. We show that our implementation and analysis strategies are able to detect recent large-scale attacks targeting IoT devices (IoT Reaper, Hakai, etc.) with overall low cost and maintenance effort
-
Detection of threats to IoT devices using scalable VPN-forwarded honeypots
'Association for Computing Machinery (ACM)', 2019Co-Authors: Tambe Amit, Aung, Yan Lin, Sridharan Ragav, Ochoa Martin, Tippenhauer, Nils Ole, Shabtai Asaf, Elovici YuvalAbstract:Attacks on Internet of Things (IoT) devices, exploiting inherent vulnerabilities, have intensified over the last few years. Recent large-scale attacks, such as Persirai, Hakai, etc. corroborate concerns about the security of IoT devices. In this work, we propose an approach that allows easy integration of commercial off-the-shelf IoT devices into a general honeypot architecture. Our approach projects a small number of heterogeneous IoT devices (that are physically at one location) as many (geographically distributed) devices on the Internet, using Connections to commercial and private VPN services. The goal is for those devices to be discovered and exploited by attacks on the Internet, thereby revealing unknown vulnerabilities. For detection and examination of potentially malicious traffic, we devise two analysis strategies: (1) given an Outbound Connection from honeypot, backtrack into network traffic to detect the corresponding attack command that caused the malicious Connection and use it to download malware, (2) perform live detection of unseen URLs from HTTP requests using adaptive clustering. We show that our implementation and analysis strategies are able to detect recent large-scale attacks targeting IoT devices (IoT Reaper, Hakai, etc.) with overall low cost and maintenance effort.Peer reviewe
