Strengthening MT6D Defenses with Darknet and Honeypot capabilities

dc.contributor.author: Basam, Dileep Kumar (en)
dc.contributor.committeechair: Marchany, Randolph C. (en)
dc.contributor.committeechair: Tront, Joseph G. (en)
dc.contributor.committeemember: Ransbottom, J. Scot (en)
dc.contributor.department: Electrical and Computer Engineering (en)
dc.date.accessioned: 2015-12-26T09:05:38Z (en)
dc.date.available: 2015-12-26T09:05:38Z (en)
dc.date.issued: 2015-12-09 (en)
dc.description.abstract: With the ever-increasing adoption of IPv6, there has been a growing concern for security and privacy of IPv6 networks. Mechanisms like the Moving Target IPv6 Defense (MT6D) leverage the immense address space available with the new 128-bit addressing scheme to improve security and privacy of IPv6 networks. MT6D allows participating hosts to hop onto new addresses that are cryptographically computed, without any disruption to ongoing conversations. However, there is no feedback mechanism in the current MT6D implementation to substantiate the core strength of the scheme, i.e., to find an attacker attempting to discover and target any MT6D addresses. This thesis proposes a method to monitor the intruder activity targeting the relinquished addresses to extract information for reinforcing the defenses of the MT6D scheme. Our solution identifies and acquires IPv6 addresses that are being discarded by MT6D hosts on a local network, in addition to monitoring and visualizing the incoming traffic on these addresses. This is essentially equivalent to forming a darknet out of the discarded MT6D addresses. The solution's architecture also includes an ability to deploy a virtual (LXC-based) honeypot on-demand, based on any interesting traffic pattern observed on a discarded address. With this solution in place, we can become cognizant of an attacker trailing an MT6D-host along the address changes, as well as understand the composition of attack traffic hitting the discarded MT6D addresses. With the honeypot deployment capabilities, the solution can take the conversation forward with the attacker to collect more information on attacker methods and delay further tracking attempts. The solution architecture also allows an MT6D host to query the solution database for network activity on its relinquished addresses as a JavaScript Object Notation (JSON) object. This feature allows the MT6D host to identify any suspicious activity on its discarded addresses and strengthen the MT6D scheme parameters accordingly. We have built a proof-of-concept for the proposed solution and analyzed the solution's feasibility and scalability. (en)
dc.description.degree: Master of Science (en)
dc.format.medium: ETD (en)
dc.identifier.other: vt_gsexam:6692 (en)
dc.identifier.uri: http://hdl.handle.net/10919/64375 (en)
dc.publisher: Virginia Tech (en)
dc.rights: In Copyright (en)
dc.rights.uri: http://rightsstatements.org/vocab/InC/1.0/ (en)
dc.subject: Moving Target Defense (en)
dc.subject: MT6D (en)
dc.subject: Darknet (en)
dc.subject: Honeypot (en)
dc.subject: Dionaea (en)
dc.subject: IPv6 (en)
dc.title: Strengthening MT6D Defenses with Darknet and Honeypot capabilities (en)
dc.type: Thesis (en)
thesis.degree.discipline: Computer Engineering (en)
thesis.degree.grantor: Virginia Polytechnic Institute and State University (en)
thesis.degree.level: masters (en)
thesis.degree.name: Master of Science (en)

Files

Original bundle

Name: Basam_DK_T_2015.pdf
Size: 1.79 MB
Format: Adobe Portable Document Format

Name: Basam_DK_T_2015_support_1.pdf
Size: 353.42 KB
Format: Adobe Portable Document Format
Description: Supporting documents