Kate Highnam

Ph.D. Student in Electrical and Electronic Engineering

Kate Highnam is a Ph.D. Student under the joint supervision of Professor Nicholas R. Jennings CB, FREng, and Dr. Sergio Maffeis. Her professional experience in machine learning and cyber security motivates her current research into domain adaptation in intrusion detection with real-world applications. Kate is also an Enrichment student with The Alan Turing Institute in London.

Don’t just try once, tri-al: Adaptive Honeypot Deployments for Affordable Controlled Data Collection

Lightning Talk

Honeypot Deployment; Attacks and Malware Capture; Honeypot Design

Traditional honeypot deployments expose vulnerable systems for extended periods of time in large quantities to gather empirical information on intrusion techniques. This deployment strategy can be too slow to respond to emerging threats and gives attackers the opportunity to develop detection techniques against the honeypots employed. In this talk, we present two new methodologies inspired by the clinical trial community to optimize this data collection process by decreasing the cost and amount of time required to obtain similar information. These methodologies are applied in an exemplary study to autonomously and rapidly answer immediate questions on the risk of a given vulnerability. The first is a Randomized Control Trial (RCT) that compares honeypots with and without a certain vulnerability to understand its impact within the given population. This method ensures a conclusion within a set budget, but relies on accurate initial assumptions prior to starting the trial. The second method, known as Adaptive Design (AD), can improve RCTs by optimizing mid-trial with statistical methods to achieve the set objectives with fewer resources. Unlike the RCT, AD can alter some initial assumptions during the trial to account for inaccuracies, but the alterations might exceed a given budget. We compare both the RCT and AD methods with the vanilla deployment, where a large quantity of honeypots is observed over a set length of time rather than in stages. By conducting studies with a control, we uncover a method of understanding the causal relationship between a vulnerability and a system infection.