Research & Development World

  • R&D World Home
  • Topics
    • Aerospace
    • Automotive
    • Biotech
    • Careers
    • Chemistry
    • Environment
    • Energy
    • Life Science
    • Material Science
    • R&D Management
    • Physics
  • Technology
    • 3D Printing
    • A.I./Robotics
    • Software
    • Battery Technology
    • Controlled Environments
      • Cleanrooms
      • Graphene
      • Lasers
      • Regulations/Standards
      • Sensors
    • Imaging
    • Nanotechnology
    • Scientific Computing
      • Big Data
      • HPC/Supercomputing
      • Informatics
      • Security
    • Semiconductors
  • R&D Market Pulse
  • R&D 100
    • Call for Nominations: The 2025 R&D 100 Awards
    • R&D 100 Awards Event
    • R&D 100 Submissions
    • Winner Archive
    • Explore the 2024 R&D 100 award winners and finalists
  • Resources
    • Research Reports
    • Digital Issues
    • R&D Index
    • Subscribe
    • Video
    • Webinars
  • Global Funding Forecast
  • Top Labs
  • Advertise
  • SUBSCRIBE

Illinois Researchers Sweeten ‘Honeypot’ to Catch, Blacklist Hackers

By Allison Arp, Coordinated Science Laboratory, via NCSA | April 26, 2019

“The supreme art of war is to subdue the enemy without fighting” – Sun Tzu.

This quote inspired Coordinated Science Laboratory (CSL) student Phuong M. Cao and a team from the National Center for Supercomputing Applications (NCSA) to conduct research to understand how programs were being attacked. A paper about that research was accepted by the prestigious USENIX Symposium on Networked Systems Design and Implementation (NSDI).

In order to protect a system from an attack, the defender must know what it’s protecting against. By planting “honeypots,” the researchers were able to attract hackers by setting up phony machines on a large IP space to mimic more than 65,000 servers. Using this method, the group was able to draw in 405 million attack attempts to the honeypot and learn from them.

“Their strategy brought in a lot of the bad guys and after a quick analysis many had their router blacklisted by the NCSA security team,” said Cao’s advisor Ravi Iyer, CSL and Electrical and Computer Engineering (ECE) professor and George and Ann Fisher Distinguished Professor of Engineering. “The clever thing was the students took this information and decided to use the attacks being generated to discover how our system can withstand these attacks.”

The information collected about the attack techniques has already been integrated into security systems at NCSA. Justin Azoff and Alex Withers, both NCSA staff, are working closely with Cao and others to continuously audit and update the technology against ongoing attacks. This partnership shows how practical cybersecurity operations can support research and vice-versa.

“Many people overlook the potential impact of a brute force attack,” said Cao, an ECE graduate student. “Well known data breaches, Citrix for example, are the direct result of an unsecured server being exposed by this type of attack.”

In the case of the Citrix data breach, attackers were able to hack one or more weak passwords within the system that resulted in terabytes of data being exposed. Previously, hackers would use a dictionary and try different words repeatedly until an account was breached; now, Cao says, 6.5 billion passwords are publicly available and used in this brute-force attack styles.

Iyer believes finding a solution to such a common and costly problem was one of the reasons Cao’s paper, written with Subho S. Banerjee, a computer sciences graduate student, Yuming Wu, a fellow ECE student, and Zbigniew Kalbarczyk, an ECE research professor, was accepted by the NSDI symposium committee.

“They demonstrated on an attack style that is very common and now it can be expanded to look at a whole range of potential attacks,” said Iyer. “I think the research is very important and a reason it was accepted at NSDI, which has a notoriously low acceptance rate.”

The NDSI Symposium only selected 49 out of 332 submitted papers. Cao presented the paper and Wu presented a poster on the same project, all of which received wide industry recognition.

“People from Fortune 500 companies were interested in the work,” said Wu. “We had discussions about the details of the work, interest in the deployment of the infrastructure, and interest in future work inspired by this research.”

The original framework for the honeypot, developed by Azoff, is open-sourced and available on NCSA’s GitHub. So far the project has gained more than 400 positive reactions from the online community.

While industry partners are interested in future work, the University of Illinois at Urbana-Champaign’s online network is already benefiting from the software. In a single year, the team’s software has analyzed 405 million attack attempts and at one point prevented more than 57 million in one day. This has resulted in them having the largest dataset of analyzed brute-force attacks to date.

Attacks on Illinois’ network are local, but the analysis of the dataset has been shared with national laboratories and an international university via NCSA’s Shared Intelligence Platform for Protecting our National Cyberinfrastructure (SDAIA). Alerting and collaborating with other sites allows all locations to defend against attacks that have happened at other locations. The honeypot that the team is currently operating has observed attacks coming from 73 percent of the autonomous systems on the internet. Three-fourths of the internet seems like a lot, but Cao isn’t done yet.

“The future of this work is that we would gain a much larger adoption from other sites, not just in academia but also on the industry sites,” said Cao. “With the expansion of our shared intelligence platform we hope to cover the entire space of the internet. The future of our work is to look at how our approach can be applied to monitor more sophisticated attack activities across all the internet.”

Related Articles Read More >

R&D 100 winner of the day: Electromagnetic spectrum management system (ESMS)
Claude computer use
AI agents could begin transforming how we work in 2025
refinery
AI takes center stage in Honeywell-Chevron collaboration
Firefly blurred lines between a human and machine researcher 72875
Copyleaks CEO: OpenAI’s o1 emergence could blur the lines between human researcher and AI assistant
rd newsletter
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest info on technologies, trends, and strategies in Research & Development.
RD 25 Power Index

R&D World Digital Issues

Fall 2024 issue

Browse the most current issue of R&D World and back issues in an easy to use high quality format. Clip, share and download with the leading R&D magazine today.

Research & Development World
  • Subscribe to R&D World Magazine
  • Enews Sign Up
  • Contact Us
  • About Us
  • Drug Discovery & Development
  • Pharmaceutical Processing
  • Global Funding Forecast

Copyright © 2025 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search R&D World

  • R&D World Home
  • Topics
    • Aerospace
    • Automotive
    • Biotech
    • Careers
    • Chemistry
    • Environment
    • Energy
    • Life Science
    • Material Science
    • R&D Management
    • Physics
  • Technology
    • 3D Printing
    • A.I./Robotics
    • Software
    • Battery Technology
    • Controlled Environments
      • Cleanrooms
      • Graphene
      • Lasers
      • Regulations/Standards
      • Sensors
    • Imaging
    • Nanotechnology
    • Scientific Computing
      • Big Data
      • HPC/Supercomputing
      • Informatics
      • Security
    • Semiconductors
  • R&D Market Pulse
  • R&D 100
    • Call for Nominations: The 2025 R&D 100 Awards
    • R&D 100 Awards Event
    • R&D 100 Submissions
    • Winner Archive
    • Explore the 2024 R&D 100 award winners and finalists
  • Resources
    • Research Reports
    • Digital Issues
    • R&D Index
    • Subscribe
    • Video
    • Webinars
  • Global Funding Forecast
  • Top Labs
  • Advertise
  • SUBSCRIBE