A Qualitative Empirical Analysis of Human Post-Exploitation Behavior

by   Daniel Schneider, et al.

Honeypots are a well-studied defensive measure in network security. This work proposes an effective low-cost honeypot that is easy to deploy and maintain. The honeypot introduced in this work is able to handle commands in a non-standard way by blocking them or replying with an insult to the attacker. To determine the most efficient defense strategy, the interaction between attacker and defender is modeled as a Bayesian two-player game. For the empirical analysis, three honeypot instances were deployed, each with a slight variation in its configuration. In total, over 200 distinct sessions were captured, which allows for qualitative evaluation of post-exploitation behavior. The findings show that attackers react to insults and blocked commands in different ways, ranging from ignoring to sending insults themselves. The main contribution of this work lies in the proposed framework, which offers a low-cost alternative to more technically sophisticated and resource-intensive approaches.


page 1

page 2

page 3

page 4


Catfish Effect Between Internal and External Attackers:Being Semi-honest is Helpful

The consensus protocol named proof of work (PoW) is widely applied by cr...

A Model for Perimeter-Defense Problems with Heterogeneous Teams

We develop a model of the multi-agent perimeter-defense game to calculat...

Measuring and Clustering Network Attackers using Medium-Interaction Honeypots

Network honeypots are often used by information security teams to measur...

Asymptotic Security using Bayesian Defense Mechanism with Application to Cyber Deception

This paper addresses the question whether model knowledge can guide a de...

Moving Target Defense for Web Applications using Bayesian Stackelberg Games

The present complexity in designing web applications makes software secu...

Protecting Classifiers From Attacks. A Bayesian Approach

Classification problems in security settings are usually modeled as conf...

Cost-Asymmetric Memory Hard Password Hashing

In the past decade, billions of user passwords have been exposed to the ...