Sponsor
This research received financial support in part from the National Science Foundation (Grant #: 1908571).
Published In
MTD '21: Proceedings of the 8th ACM Workshop on Moving Target Defense
Document Type
Article
Publication Date
11-2021
Subjects
Software security engineering
Abstract
Attackers rely upon a vast array of tools for automating attacks against vulnerable servers and services. It is often the case that when vulnerabilities are disclosed, scripts for detecting and exploiting them in tools such as Nmap and Metasploit are released soon after, leading to the immediate identification and compromise of vulnerable systems. Honeypots, honeynets, tarpits, and other deceptive techniques can be used to slow attackers down; however, such approaches have difficulty keeping up with the sheer number of vulnerabilities being discovered and attacking scripts that are being released. To address this issue, this paper describes an approach for applying concolic execution on attacking scripts in Nmap in order to automatically generate lightweight fake versions of the vulnerable services that can fool the scripts. By doing so in an automated and scalable manner, the approach can enable rapid deployment of custom honeyfarms that leverage the results of concolic execution to trick an attacker's script into returning a result chosen by the honeyfarm, making the script unreliable for use by the attacker.
Rights
© 2021 Copyright held by the owner/author(s). Publication rights licensed to ACM.
Locate the Document
DOI
10.1145/3474370.3485660
Persistent Identifier
https://archives.pdx.edu/ds/psu/39019
Citation Details
Li, Z., Chen, B., Feng, W. C., & Xie, F. (2021, November). Concolic Execution of NMap Scripts for Honeyfarm Generation. In Proceedings of the 8th ACM Workshop on Moving Target Defense (pp. 33-42).
Description
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.