Indian Institute of Technology Kanpur

Syllabus 

Course Title:  Honeypots and Deception Technologies for Advanced Protection

Course No: CS988

Credits:   3-0-0-0- [9]

Prerequisite: Expertise in programming, basic knowledge of computer security, networking, Linux, Dockers would help a student to understand the topics. 

Instructor:  

Sandeep Kumar Shukla, 

Professor, 

 

Learning Objectives: 

Collecting threat intelligence is an essential component of cyber defense. Knowing if there are teams to arrest the attacks before they become wide spread within the system. Honeypot is one such technology through which decoy systems are planted in a network by the cyber defense team and the activities on these decoy systems are closely watched through automated intrusion detection tools. Another component of deception is to create honey files, honey tokens, honey credentials to lead the attacker in believing that they have found valuable information or credentials to breach the system – but instead they are watched and stopped. For a professional to be effective cyber defense professional – knowledge of creating, maintaining, and data collection process, data analytics to obtain actionable threat intelligence are essential. This course is aimed at cyber professionals to impart that knowledge with hands-on experience. 

The students will be exposed to the following topics:

  1. Threat Intelligence and its role in Cyber Security 
  2. Deception Technology as a way of collecting threat intelligence at play 
  3. Server side Deception Technologies
    1. Honeypots and Honeynets
    2. IT Honeypots vs OT Honeypots
    3. Collecting attack activities from Honeypot through Intrusion Detection Technologies
    4. Data Analytics on threat information
  4. Client Side Deception Technologies
    1. Honey Files, Honey Credentials, Honey Tokens
    2. Collecting Intelligence and alarm generation 
  5. Collecting Malware through Honeypots and their analysis
  6. Future directions of Deception Technologies and their 

The course will be very heavy on projects and require ability to quickly learn systems and programming. 

 

Module

Topic 

No. of 1 hour Lectures

Introduction

Threat Intelligence and its role in Cyber Security 

Deception Technology as a way of collecting threat intelligence at play 

 

3

Server Side Deception 

Server side deception Technologies

  1. Honeypots and Honeynets
  2. IT Honeypots vs OT Honeypots
  3. Collecting attack activities from Honeypot through Intrusion Detection Technologies
  4. Data Analytics on threat information

 

10

Client Side Deception 

Client Side Deception Technologies

  1. Honey Files, Honey Credentials, Honey Tokens
  2. Collecting Intelligence and alarm generation 

 

3

Threat Analytics and Intelligence Collection  

Collecting Malware through Honeypots and their analysis

 

2

Future Directions in Deception Technologies

Kubernetics, Orchestration, AI/ML Applications 

2

 Total Lecture hours

 

20 hours 

 

Text:

There is no textbook for such a course yet. 

There will be resources put on the web by the instructor.

  • Lecture notes, assignments, supplemental readings, and other resources will be provided via the course website
  • The course will consist of 3 hours of lectures per week, projects and homework, and possibly a course project.