TY - JOUR
T1 - ADAPT: Adaptive Camouflage Based Deception Orchestration For Trapping Advanced Persistent Threats
AU - Putrevu, Venkata Sai Charan
AU - Mukhopadhyay, Subhasis
AU - Manna, Subhajit
AU - Rani, Nanda
AU - Vaid, Ansh
AU - Chunduri, Hrushikesh
AU - Putrevu, Mohan Anand
AU - Shukla, Sandeep
N1 - Publisher Copyright:
© 2024 Copyright held by the owner/author(s). Publication rights licensed to ACM.
PY - 2024/9/14
Y1 - 2024/9/14
AB - Honeypots are a valuable deception technology, enabling security teams to gain insight into attacker behavior patterns and to investigate cyber security breaches. However, traditional honeypots prove ineffective against advanced adversaries such as Advanced Persistent Threat (APT) groups because of their evasion tactics and their awareness of typical honeypot solutions. This article emphasizes the need to capture these attackers for enhanced threat intelligence, detection, and protection. To address this, we propose the design and deployment of a customized honeypot network based on adaptive camouflaging techniques. Our work focuses on orchestrating a behavioral honeypot network tailored to three APT groups, with strategically positioned attack paths aligned with their tactics, techniques, and procedures and covering all cyber kill chain phases. We introduce a novel approach: deploying a camouflaged chatterbox application within the honeypot network. This application offers a regular chat interface while tracking attacker activity through periodic log transfers. Deployed for 100 days, our orchestrated honeypot recorded 13,906,945 hits from 4,238 unique IP addresses. Our approach categorizes attackers by level of sophistication and identifies attacks from Hong Kong with similarities to known Chinese threat groups. This research significantly advances honeypot technology and enhances the understanding of sophisticated threat actors' strategies in real operating networks.
UR - https://doi.org/10.1145/3651991
U2 - 10.1145/3651991
DO - 10.1145/3651991
M3 - Article
VL - 5
JO - Digital Threats: Research and Practice
JF - Digital Threats: Research and Practice
IS - 3
M1 - ART21
ER -