We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.CR

Change to browse by:

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: A Qualitative Empirical Analysis of Human Post-Exploitation Behavior

Abstract: Honeypots are a well-studied defensive measure in network security. This work proposes an effective low-cost honeypot that is easy to deploy and maintain. The honeypot introduced in this work is able to handle commands in a non-standard way by blocking them or replying with an insult to the attacker. To determine the most efficient defense strategy, the interaction between attacker and defender is modeled as a Bayesian two-player game. For the empirical analysis, three honeypot instances were deployed, each with a slight variation in its configuration. In total, over 200 distinct sessions were captured, which allows for qualitative evaluation of post-exploitation behavior. The findings show that attackers react to insults and blocked commands in different ways, ranging from ignoring to sending insults themselves. The main contribution of this work lies in the proposed framework, which offers a low-cost alternative to more technically sophisticated and resource-intensive approaches.
Subjects: Cryptography and Security (cs.CR); Computer Science and Game Theory (cs.GT)
Cite as: arXiv:2101.02102 [cs.CR]
  (or arXiv:2101.02102v1 [cs.CR] for this version)

Submission history

From: Daniel Schneider [view email]
[v1] Wed, 6 Jan 2021 15:46:43 GMT (18kb)

Link back to: arXiv, form interface, contact.