Public PhD thesis defense in computer science: Sereysethy TOUCH
ASGARD: An Abstract Model for Adaptive Self-Guarded Honeypots
Date: 27/05/2025 15:00 - 27/05/2025 18:00
Location: S01
Speaker(s): Sereysethy TOUCH
Organizer(s): Isabelle Daelman
A honeypot is a security tool deliberately designed to be vulnerable, thereby enticing attackers to probe, exploit, and compromise it. Since their introduction in the early 1990s, honeypots have remained among the most widely used tools for capturing cyberattacks, complementing traditional defenses such as firewalls and intrusion detection systems. They serve both as early warning systems and as sources of valuable attack data, enabling security professionals to study the techniques and behaviors of threat actors.
While conventional honeypots have achieved significant success, they remain deterministic in their responses to attacks. This is where adaptive or intelligent honeypots come into play. An adaptive honeypot leverages Machine Learning techniques, such as Reinforcement Learning, to interact with attackers. These systems learn to take actions that can disrupt the normal execution flow of an attack, potentially forcing attackers to alter their techniques. As a result, attackers must find alternative routes or tools to achieve their objectives, ultimately leading to the collection of more attack data.
Despite their advantages, traditional honeypots face two main challenges. First, emulation-based honeypots (also known as low- and medium-interaction honeypots) are increasingly susceptible to detection, which undermines their effectiveness in collecting meaningful attack data. Second, real-system-based honeypots (also known as high-interaction honeypots) pose security risks to the hosting organization if not properly isolated and protected. Since adaptive honeypots rely on the same underlying systems, they also inherit these challenges.
This thesis investigates whether it is possible to design a honeypot system that mitigates these challenges while still fulfilling its primary objective of collecting attack data. To this end, it proposes a new abstract model for adaptive self-guarded honeypots, designed to balance attack data collection, detection evasion, and security preservation, ensuring that it does not pose a risk to the rest of the network.
Contact:
Isabelle Daelman
isabelle.daelman@unamur.be