Honeypot Successfully Caught Cyber Assailants

Researchers from the University of Texas at San Antonio (UTSA) have developed the first framework to score the agility of cyber attackers and defenders, in a project designed to detect and quickly respond to escalating cyber-attacks. The project is funded by the US Army Research Office.

“Cyber agility isn’t just about patching a security hole, it’s about understanding what happens over time. Sometimes when you protect one vulnerability, you expose yourself to 10 others,” said computer science alumnus Jose Mireles, who now works for the U.S. Department of Defense and co-developed the technological solution.

“In car crashes, we understand how to test for safety using the rules of physics. It is much harder to quantify cybersecurity because scientists have yet to figure out what are the rules of cybersecurity. Having formal metrics and measurement to understand the attacks that occur will benefit a wide range of cyber professionals.”

To develop a quantifiable framework, Mireles and his team used a honeypot, a computer system that lures real cyber-attacks, to attract and analyze malicious traffic according to time and effectiveness. As both the attackers and the defenders created new techniques, the researchers were able to better understand how a series of engagements transformed into an adaptive, responsive and agile pattern, or what they called an evolution generation, according to phys.org.

The new framework will help government and industry organizations visualize how well they out-maneuver attacks.

“The DoD and US Army recognize that the Cyber domain is as important a battlefront as ground, air and sea,” said Purush Iyer, Ph.D., division chief, network sciences, at Army Research Office. “Being able to predict what the adversaries will likely do provides opportunities to protect and to launch countermeasures.”