Enriching Low-interaction Honeypots using Smart Backend Systems
External reference persons Giulia Milan - DET
Idilio Drago - UNITO
Research Groups Smartdata, Telecommunication Networks Group
Description Low-interaction honeypots are systems that simulate real applications. They are deployed to be attacked, mimicking real systems to obtain as much information as possible about attacking tools and scripts. We have developed CannyPot, a honeypot system that learns while interacting with attackers. CannyPot relies on virtual machines to run unknown requests sent by attackers and learn future responses for unknown commands. Scaling the backend system is fundamental to speedup CannyPot learning.
The goal of this thesis is to develop algorithms to guide the CannyPot backend exploration. The student will evaluate machine learning algorithms that can control the Explorer and reduce the time to obtain responses that engage attackers. The algorithms will receive feedback from CannyPot and give priority to the exploration of commands based on their importance. Equally the system will learn which backend VMs to explore first, based on their contribution to the learning of new attacking patterns.
Required skills - Computer Science or Computer Engineering
- Interest in cyber-security
- Interest in machine learning and AI algorithms, such as reinforcement learning
- Good programming skill (desirable Python)
Deadline 18/11/2022 PROPONI LA TUA CANDIDATURA