Hong Kong Chapter Status Report for 2013

ORGANIZATION
 
This project is a SIG of the Professional Information Security Association (PISA).
Major infrastructure is hosted at City University of Hong Kong (CityU).
Our research interests include malware, botnets, client-side attacks, web application attacks, etc.
 
Current chapter members
Alan Tam
Alan Lam
Anthony Lai
Daniel Luo
Frankie Li
Peter Cheung
Roland Cheung
WS Lam
 
List changes in the structure of your chapter
Eric Fan (new member)
Frankie Wong (new member)
 
DEPLOYMENTS
11 honeypots deployed by the Hong Kong Chapter, collecting data for security trend analysis
included:
    1 x Nepenthes
    3 x Dionaea
    3 x Kippo
    4 x HonEeeBox device
published:
    Over 160M bytes of data submitted to HPFriends

[By Alan Lam, Eric Fan, Peter Cheung, Roland Cheung, WS Lam] 

RESEARCH AND DEVELOPMENT
1. Conduct research on Android security and vulnerability analysis, such as information leakage in apps' network traffic, incorrect SSL usage, access control, dynamic taint analysis, etc. This is joint work with my students at the Hong Kong Polytechnic University.
2. Study the features of botnet traffic and examine how they could evade detection.
[By Daniel Luo]

3. Set up a research environment from the honeynet ARE VM for Android APK analysis.
4. Set up an APK downloading tool, which downloads APKs from the Play Store monthly for analysis of mischievous apps.
[By Frankie Wong]

5. Manage 2 HoneyCloud servers as a testing platform for honeynet tools.
6. Use Splunk to visualize the collected data.
[By Roland Cheung]

7. Run Snort IDS to monitor inbound attacks.
The top 3 most frequent attacks are:
    1. BAD-TRAFFIC SSH brute force login attempt (104,020 hits; 57.06%)
    2. SHELLCODE x86 inc exc NOOP (41,207 hits; 22.60%)
    3. WEB-MISC Generic HyperLink buffer overflow attempt (15,290 hits; 8.39%)
[By Alan Lam] 
 
PAPERS, PRESENTATIONS AND COMMUNITY ENGAGEMENTS
[Presentations]
May 25, 2013: organized a public seminar "Known Your Enemy By Honeynet" for a local security association. We talked about the latest developments in honeynet technology and demonstrated several popular honeynet tools.
http://www.honeybird.hk/honeybird-update/knownyourenemybyhoneynet
[By Frankie Wong, Peter Cheung, Roland Cheung]

September 17, 2013: organized a private seminar “Honeynet Tools Demonstration” for a local hosting corporation. We demonstrated several popular honeynet tools and how to apply them in a corporate environment.
[By Eric Fan, Roland Cheung]

[Papers]
J. Zhang, R. Perdisci, W. Lee, X. Luo, and U. Sarfraz, “Building A Scalable System For Stealthy P2P-Botnet Detection,” IEEE Transactions on Information Forensics and Security (TIFS), 2013 (accepted).
[By Daniel Luo]

X. Luo, E. Chan, P. Zhou, and R. Chang, “Robust Network Covert Communications Based on TCP and Enumerative Combinatorics,” IEEE Transactions on Dependable and Secure Computing (TDSC), Vol. 9, No. 6, Nov.-Dec., 2012.
[By Daniel Luo]
 
GOALS
1. A study project to use open intelligence data and honeynet tools to check, on a daily basis, the security status of popular websites in Hong Kong (e.g. the Alexa top 100 websites administered by Hong Kong companies).
2. A study project to use visualization tools (Kibana, D3, etc.) to present the data collected by honeypots.
 
MENTORING
1. Served as mentors in the mentorship program of a local educational institute (IVE). We conducted a 30-hour program for 3 students (Higher Diploma in Information and Network Security) to use the Kippo honeypot to learn honeynet technology.
[By Peter Cheung, Roland Cheung]