Threat assessment and cyber-attack profiling are increasingly important in the modern world of Internet-connected computers, things and people, where cyber-dependency has become a prominent phenomenon and hacking expertise is readily available in open source repositories. Active and passive targets, such as honeypots and internet black holes, are instrumental in providing active defence and rapid incident response mechanisms by assessing the threat level and modus operandi of the detected intrusions. However, despite fast-paced advances in the field, designing efficient adaptive behaviour for a honeypot with intelligent interaction capabilities remains a considerable challenge. There is also a pressing shortage of openly accessible repositories of comprehensive, representative and up-to-date volumes of attack data and profiling resources to support advanced cybersecurity research.
AdaHon is a cybersecurity experiment run within Fed4FIRE+, a project under the European Union's Horizon 2020 Programme that offers the largest federation worldwide of Next Generation Internet (NGI) testbeds, providing open, accessible and reliable facilities that support a wide variety of research and innovation communities and initiatives in Europe. The experiment leverages two Fed4FIRE+ testbeds:
- PlanetLab Europe to deploy a network of geographically distributed honeypots and collect large volumes of attack data, and
- TENGU for its big data storage and analytics resources to implement attacker profiling and honeypot adaptation algorithms.
During the AdaHon experiment we will deploy and validate a distributed network of adaptive honeypots, leveraging the capabilities of the PlanetLab Europe testbed to scale UL's currently available implementation to a distributed EU-wide deployment, together with the TENGU testbed's storage, computing and analytics resources. The purpose is two-fold:
- to gain comprehensive and up-to-date insights into attacker profiles and the modern 2019 landscape of hacking tools, and make this knowledge openly available, and
- to experiment with improved attacker profiling algorithms and unassisted learning techniques to support intelligent adaptivity of the honeypots, which can be used in modern deception technology to make it more attractive to attackers and to avoid, or prolong the time before, detection during an attack.