Doctoral thesis defense - Sereysethy Touch
ASGARD: An Abstract Model for Adaptive Self-Guarded Honeypots.
A honeypot is a security tool deliberately designed to be vulnerable, thereby enticing attackers to probe, exploit, and compromise it. Since their introduction in the early 1990s, honeypots have remained among the most widely used tools for capturing cyberattacks, complementing traditional defenses such as firewalls and intrusion detection systems. They serve both as early warning systems and as sources of valuable attack data, enabling security professionals to study the techniques and behaviors of threat actors.
While conventional honeypots have achieved significant success, they remain deterministic in their responses to attacks. This is where adaptive or intelligent honeypots come into play. An adaptive honeypot leverages Machine Learning techniques, such as Reinforcement Learning, to interact with attackers. These systems learn to take actions that can disrupt the normal execution flow of an attack, potentially forcing attackers to alter their techniques. As a result, attackers must find alternative routes or tools to achieve their objectives, ultimately leading to the collection of more attack data.
Despite their advantages, traditional honeypots face two main challenges. First, emulation-based honeypots (also known as low- and medium-interaction honeypots) are increasingly susceptible to detection, which undermines their effectiveness in collecting meaningful attack data. Second, real-system-based honeypots (also known as high-interaction honeypots) pose security risks to the hosting organization if not properly isolated and protected. Since adaptive honeypots rely on the same underlying systems, they also inherit these challenges.
This thesis investigates whether it is possible to design a honeypot system that mitigates these challenges while still fulfilling its primary objective of collecting attack data. To this end, it proposes a new abstract model for adaptive self-guarded honeypots, designed to balance attack data collection, detection evasion, and security preservation, ensuring that it does not pose a risk to the rest of the network.
You are cordially invited to a drink, which will follow the public defense.
To help with the organization, please reply by Tuesday, 20 May 2025.