Classify Sessions and Honeybees on beekeeper. #49

johnnykv · 2013-04-27T09:25:36Z

Currently Sessions (hive/attackers) and Honeybees (feeder) entities are written to the database without correlation.

All Session which are Honeybees needs to be marked as such, to identify this one would have to compare data from the two entities.

Some notes on classification:

~~Honeybee (which succeeded) and matching Session~~
- ~~Everything ok! Delete Session.~~
~~Honeybee (which succeeded) but no matching Session~~
- ~~Potential MiTM attack (attacker mimics server).~~
~~Session with no Honeybee~~
- ~~Potential brute force attack.~~
Session with matching username/password in honeybee.
- Potential MiTM attack (attacker interceptes and reuse credentials).

johnnykv · 2013-05-19T08:45:31Z

Added a attribute which will reflect the current classification. (not yet in repo)
http://editor.ponyorm.com/user/jkv/beeswarm_beekeeper

related to #49

ghost assigned johnnykv Apr 27, 2013

johnnykv mentioned this issue May 17, 2013

Figure out how to correlate data between hive and feeder #6

Closed

johnnykv mentioned this issue May 19, 2013

Detect MiTM attacks. (for protocols using certificates) #71

Open

johnnykv added a commit that referenced this issue May 26, 2013

added dummy classification

62e2a8f

related to #49

johnnykv added a commit that referenced this issue May 29, 2013

initial work on classifier

75ed921

#49

johnnykv added a commit that referenced this issue May 29, 2013

classify brute-force attempts

8c7b34b

#49

johnnykv closed this as completed in 018199e May 30, 2013

Provide feedback