Talks and presentations

Automated Risk Assessment of Shell-based attacks

November 26, 2024

Conference proceedings talk, 19th International Conference on Risks and Security of Internet and Systems, TheCamp, Aix-en-Provence, France

A honeypot is an effective tool for luring attackers and collecting information on their methods. However, honeypots are vulnerable to exploitation and can become attack vectors, necessitating enhanced security. One way to improve security is to analyze input submitted to the honeypot and assign it a risk level that determines whether it is executed, which is especially important for SSH adaptive honeypots. However, in the literature, only a simple binary classification is used to classify commands as either severe or non-severe. Motivated by this gap, we propose a novel approach to assess the risk of shell commands by classifying them into five risk levels ranging from very low risk (R0) to extremely high risk (R4), evaluating the potential adversarial impact of executing them on a system. The proposed approach is then used to build a classification model using a large language model (LLM), RoBERTa, to automatically assess commands based on their defined risk levels. We evaluate this model against two other classifiers using two different embeddings: Bag-of-Words and Word2Vec. The evaluation results show that the LLM-based classifier outperforms the other models in accurately assessing the risk levels of shell commands.

Gestion de la confiance dans un environnement IoT pour des infrastructures essentielles

May 06, 2024

Talk, Ecole d'été 2024, Cybersécurité, Université de Sherbrooke, Canada

As part of a lecture given by Pierre Martin Tardif on the topic “Gestion de la confiance dans un environnement IoT pour des infrastructures essentielles”, I gave a short talk on using honeypots as detection tools. The goal is to ensure that IoT devices function correctly and are not compromised.

An Adaptive Self-guarded honeypot

March 17, 2023

Seminar, CyberExcellence Seminar, Online, Belgium

In this talk, I presented my research on adaptive self-guarded honeypots. I began with an overview of honeypots, including their definition and the different classes of conventional honeypots. Before diving into my own work, I also discussed related research on adaptive honeypots.

Asguard: Adaptive Self-guarded Honeypot

October 26, 2021

Conference proceedings talk, Proceedings of the 17th International Conference on Web Information Systems and Technologies (WEBIST 2021), Valletta, Malta (Online)

Cybersecurity is of critical importance to any organisation on the Internet, with attackers exploiting any security loopholes to attack them. To combat cyber threats, a honeypot, a decoy system, has been an effective tool used since 1991 to deceive and lure attackers to reveal their attacks. However, these tools have become increasingly easy to detect, which diminishes their usefulness. Recently, adaptive honeypots, which can change their behaviour in response to attackers, have emerged; despite their promise, however, they still have some shortcomings of their own. In this paper we survey conventional and adaptive honeypots and discuss their limitations. We introduce an approach for adaptive honeypots that uses Q-learning, a reinforcement learning algorithm, to effectively achieve two objectives at the same time: (1) learn to engage with attackers to collect their attack tools and (2) guard against being compromised by combining state environment and action to form a new reward function.