HosTaGe - a Low-Interaction Honeypot for Mobile Devices

Motivation

Recent security reports indicate an increase in sophisticated cyber attacks. With the advancements in mobile devices (smartphones, tablets, etc.) as well as the increased number of available wireless networks, many challenges arise from the security perspective. People tend to use wireless networks of unknown trustworthiness in their daily lives. They connect to these networks, e.g., at airports and coffee shops offering Internet access, without knowing whether they are safe or infected with actively propagating malware.

 

In traditional networks, malicious behavior can be detected via Intrusion Detection Systems (IDSs). However, IDSs cannot be applied easily to mobile environments and to resource-constrained devices. Another common defense mechanism is honeypots, i.e., systems that pretend to be an attractive target in order to lure malware and attackers. As a honeypot has no productive use, each attempt to access it can be interpreted as an attack. Hence, honeypots can provide an early indication of malicious network environments. Since low-interaction honeypots do not demand much CPU or memory, they are suitable for resource-constrained devices like smartphones or tablets.

Approach

HosTaGe is a lightweight, low-interaction, portable, and generic honeypot for mobile devices that aims at the detection of malicious wireless network environments. As most malware propagates over the network via specific protocols, a low-interaction honeypot located on a mobile device can check wireless networks for actively propagating malware. We envision such honeypots running on all kinds of mobile devices, e.g., smartphones and tablets, to provide a quick assessment of the potential security state of a network.

HosTaGe is developed in Java for Android OS devices. The project can be accessed from the public repository here.

Students who are interested in conducting their Bachelorpraktikum project, Bachelor or Master thesis in this area may contact us for more details.

HosTaGe Portbinder

Note: The current HosTaGe version (v.3.0) includes automatic installation of the 'Portbinder' as well as support for utilizing Android's IP-Tables for binding privileged ports!

For previous versions (not supported any more) you can manually install the 'Portbinder':

To unlock the full functionality of HosTaGe, users need to have a rooted Android device with 'Portbinder' installed. It allows binding of privileged ports, i.e., < 1024, to allow some services to be emulated. 

Portbinder (formerly known as Porthack) can be compiled from source (look under the folder 'native') using the Android NDK or copied from the list of pre-compiled binaries below (at your own risk).

Pre-compiled Portbinder Binaries
Device Architecture    Zip File    Tar File
ARM                    .zip        .tar
x86                    .zip        .tar
MIPS                   .zip        .tar


Each of the compressed files above contains a binary file (filename: bind) that has to be extracted and stored in the following location on your rooted Android device: /data/local/bind

You can check out the video tutorial on how to copy the binary into your device from a computer. 
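The following sketch is an added example, not code from HosTaGe or its authors. It shows, on a desktop JVM, why binding a port below 1024 fails without root and how a low-interaction listener treats every incoming connection as a suspected attack; the class name, the emulated port 23 and the fallback port 8023 are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.BindException;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.time.Instant;

// Added illustration for a desktop JVM; not HosTaGe source code.
public class MiniHoneypotListener {
    // Assumed values: emulate a Telnet-like service, fall back to a high port.
    static final int PRIVILEGED_PORT = 23, FALLBACK_PORT = 8023;
    // Ports below 1024 need root (or a helper such as Portbinder); without it bind fails.
    static ServerSocket bind() throws IOException {
        try {
            return new ServerSocket(PRIVILEGED_PORT);
        } catch (BindException denied) {
            System.err.println("cannot bind " + PRIVILEGED_PORT + " (" + denied.getMessage()
                    + "), falling back to " + FALLBACK_PORT);
            return new ServerSocket(FALLBACK_PORT);
        }
    }
    // No legitimate client should ever connect, so every connection becomes a log record.
    static String record(Socket s, int servicePort) throws IOException {
        s.setSoTimeout(3000); // a silent peer must not block the listener forever
        byte[] buf = new byte[64];
        int n;
        try {
            n = s.getInputStream().read(buf); // -1 if the peer closes without sending
        } catch (SocketTimeoutException quiet) {
            n = 0; // many scanners wait for a banner; the connection itself is the signal
        }
        StringBuilder hex = new StringBuilder();
        for (int i = 0; i < n; i++) hex.append(String.format("%02x", buf[i]));
        return String.format("%s src=%s:%d dst_port=%d first_bytes=%s", Instant.now(),
                s.getInetAddress().getHostAddress(), s.getPort(), servicePort, hex);
    }
    public static void main(String[] args) throws IOException {
        try (ServerSocket server = bind()) {
            System.out.println("listening on port " + server.getLocalPort());
            while (true) { // single-threaded: one connection at a time is enough for a sketch
                try (Socket s = server.accept()) {
                    System.out.println(record(s, server.getLocalPort()));
                } catch (IOException e) {
                    System.err.println("connection error: " + e.getMessage());
                }
            }
        }
    }
}
```

When the listener falls back to the high port, probes aimed at port 23 no longer reach it, which is the gap that a privileged bind or a packet-filter redirect closes.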

Feel free to contact us (hostage [at] tk [dot] informatik [dot] tu-darmstadt [dot] de) if you have any questions!

People

Publications

Demos

HosTaGe and its detection capabilities have been demonstrated at various IT security events worldwide, including:

  • International Conference on Security of Information and Networks (SIN), Glasgow/UK, 2014
  • Intel Workshop on Cyberphysical and Mobile Security, Darmstadt/Germany, 2014
