Getting a head start on an attacker is a difficult problem because the attacker can always take advantage of new weaknesses and vulnerabilities in the computer system. To address this, in this research Sereysethy focuses on an adaptive honeypot named Asguard, an SSH-based decoy system intended to be attacked and compromised. This honeypot relies on reinforcement learning algorithms to maintain interaction with the attacker for as long as possible and to capture attack data that can later be used to discover new attack vectors. Unlike conventional honeypots, which can be freely attacked and fully compromised, our new honeypot system has a defensive behavior: it can decide to block malicious commands and malware, substitute their execution, or allow them to run if the system is not completely compromised.
WP4 – Data protection and sharing at the heart of concerns
GD02 – Risk management for penetration testing
GD03 – Cyber-security "by design" for cyber-physical systems
External funding
Touch, S., & Colin, J. N. (2021, October). Asguard: Adaptive Self-guarded Honeypot. In 17th International Conference on Web Information Systems and Technologies - Volume 1: DMMLACS (pp. 565-574). SciTePress.
Touch, S., & Colin, J. N. (2022). A Comparison of an Adaptive Self-Guarded Honeypot with Conventional Honeypots. Applied Sciences, 12(10), 5224.