Lessons Learned from the deployment of a high-interaction honeypot

This paper presents an experimental study and the lessons learned from the observation of the attackers when logged on a compromised machine. The results are based on a six months period during which a controlled experiment has been run with a high interaction honeypot. We correlate our findings with those obtained with a worldwide distributed system of lowinteraction honeypots

Experimental Validation of Architectural Solutions

This is a interim report on the experimental validation of architectural solutions performed in WP5 of project CRUTIAL. The two main contributions are the description of an attack injection tool for testing the architectural solutions and the description of a monitor and data collector that collects and analyses information about the behavior of the software after it has been attacke

Paternal methotrexate exposure affects sperm small RNA content and causes craniofacial defects in the offspring

Folate is an essential vitamin for vertebrate embryo development. Methotrexate (MTX) is a folate antagonist that is widely prescribed for autoimmune diseases, blood and solid organ malignancies, and dermatologic diseases. Although it is highly contraindicated for pregnant women, because it is associated with an increased risk of multiple birth defects, the effect of paternal MTX exposure on their offspring has been largely unexplored. Here, we found MTX treatment of adult medaka male fish (Oryzias latipes) causes cranial cartilage defects in their offspring. Small non-coding RNA (sncRNAs) sequencing in the sperm of MTX treated males identify differential expression of a subset of tRNAs, with higher abundance for specific 5′ tRNA halves. Sperm RNA methylation analysis on MTX treated males shows that m5C is the most abundant and differential modification found in RNAs ranging in size from 50 to 90 nucleotides, predominantly tRNAs, and that it correlates with greater testicular Dnmt2 methyltransferase expression. Injection of sperm small RNA fractions from MTX-treated males into normal fertilized eggs generated cranial cartilage defects in the offspring. Overall, our data suggest that paternal MTX exposure alters sperm sncRNAs expression and modifications that may contribute to developmental defects in their offspring.CSIC: I+D_2020_43

Experimental Validation of Architectural Solutions

In this deliverable the experimental results carried out in four different contexts are reported. The first contribution concerns an experimental campaign performed using the AJECT (Attack inJECTion) tool able to emulate different types of attackers behaviour and to collect information on the effect of such attacks on the target system performance. This tool is also used to perform some of the experiments described in the fourth part of the deliverable. The second contribution concerns a complementary approach using honeypots to cap- ture traces of attacker behaviours, to then study and characterize them. Different kinds of honeypots were deployed in the described experiments: low-interaction and high-interaction ones, exposing different kinds of services and protocols (general purpose network services as well as SCADA specific ones). The third and fourth contribution refer to experiments conducted on some com- ponents of the CRUTIAL architecture, namely FOSEL (Filtering with the help of Overlay Security Layer), the CIS-CS (Communication Service) and the CIS-PS (Protection Service). The experiments have been performed with the aim of evaluating the effectiveness of the proposed components from the point of view of the dependability improvement they bring, as well as the performance overhead introduced by their implementation.Project co-funded by the European Commission within the Sixth Framework Programme (2002-2006

Observation, caractérisation et modélisation de processus d'attaques sur Internet

Observation, characterization and modeling of attack pro- cesses on the Internet The development of appropriate methods to observe and characterize attacks on the Internet is important to improve our knowledge about these threats and the behavior of the attackers. In particular, information obtained from such analyses are useful to establish realistic assumptions and to implement protection mechanisms to cope with these threats. The work presented in this thesis falls within this context using honeypots as a means to collect data characterizing the malicious activities on the Internet. A honeypot is a computer system that is deliberately vulnerable and is aimed at attracting the attackers to study their behavior. Our work and contributions cover two main objectives. The first one concerns the development of a methodology and stochastic models to characterize the distribution of the time intervals between attacks, the propagation of attacks and the correlations between the attack processes observed on several honeypot environments, using data collected from low interaction honeypots deployed in the context of the Leurré.com project. The second part of our work focuses on the development and deployment of a high interaction honeypot to explore the progression of an attack within a system, considering as an example attacks against the ssh service. The analysis of data collected allowed us to observe different stages of an intrusion and to demonstrate the relevance of our approach.Le développement de méthodes permettant l'observation et la caractérisation d'attaques sur Internet est important pour améliorer notre connaissance sur le comportement des attaquants. En particulier, les informations issues de ces analyses sont utiles pour établir des hypothèses réalistes et mettre en oeuvre des mécanismes de protection pour y faire face. Les travaux présentés dans cette thèse s'inscrivent dans cette optique en utilisant des pots de miel comme moyen pour collecter des données caractérisant des activités malveillantes sur Internet. Les pots de miel sont des systèmes informatiques volontairement vulnérables et visant à attirer les attaquants afin d'étudier leur comportement. Nos travaux et contributions portent sur deux volets complémentaires. Le premier concerne le développement d'une méthodologie et de modèles stochastiques permettant de caractériser la distribution des intervalles de temps entre attaques, la propagation et les corrélations entre les processus d'attaques observés sur plusieurs environnements, en utilisant comme support les données issues de pots de miel basse interaction d'eployés dans le cadre du projet Leurré.com. Le deuxième volet de nos travaux porte sur le développement et le déploiement d'un pot de miel haute interac- tion permettant d'étudier aussi la progression d'une attaque au sein d'un système, en considérant comme exemple des attaques visant le service ssh. L'analyse des données collectées nous a permis d'observer différentes étapes du processus d'intrusion et de montrer la pertinence de notre d'approche

Détection de défaillance de gestionnaires de machines virtuelles

International audienceCe papier décrit une nouvelle méthode pour la détection de compromission degestionnaires machines virtuelles dans un contexte de cloud computing. L’approche proposées’appuye sur la virtualisation récursive