CSE498, Collaborative Design, Fall 2019
Computer Science and Engineering
Michigan State University

Headquartered in Sunnyvale, California, Proofpoint is an innovative cyber security company offering protection to a wide range of Fortune 100 corporations as well as public institutions such as Michigan State University.

For those with sensitive data, the threat of cyberattacks is constant. Companies, and those who protect them, find themselves locked in an endless battle with rapidly advancing, malicious, and highly coordinated foreign threats.

Our Detecting State-Sponsored Cyber Security Threat Actors platform is designed to swiftly analyze and study these state-sponsored threats to better understand their attack patterns and to thwart future attacks.

To gain adequate data from threats in a controlled environment, the cyber security industry often turns to a mechanism known as a honeypot. Honeypots appear to contain information an attacker would find valuable, but in reality that information is effectively worthless. Upon accessing the honeypot, the attacker’s actions are monitored, and their methods analyzed.

Our Detecting State-Sponsored Cyber Security Threat Actors system simplifies the process outlined above. It enables researchers to quickly generate honeypots, depicted as the bottom website and paper to the right, place them in high-traffic areas, and stream obtained data back to an intuitive dashboard.

The web dashboard enables security researchers to investigate individual attacks and the efficacy of each lure, allowing them to package related attacks in a controlled environment, and to design more effective lures.

The web dashboard consists of a React front end with a Python Flask and PostgreSQL back end. HTTrack is used to quickly develop lure websites, GPT-2 generates believable documents, and Suricata continuously monitors traffic and accumulates data.
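
An added example, not the project's own code: Suricata's EVE JSON output reduced in Python to the two views the dashboard description mentions, per-lure efficacy and related visits from one source. The sample log lines, lure hostnames and function names are constructed assumptions; the page does not say how the project processes its Suricata data.

```python
import json
from collections import defaultdict

# Constructed sample of Suricata EVE JSON (one event per line). IPs are from
# documentation ranges; lure hostnames are hypothetical. Last line is truncated.
SAMPLE_EVE = """\
{"timestamp":"2019-11-02T10:15:01.000000+0000","event_type":"http","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","http":{"hostname":"lure-a.example","url":"/","http_method":"GET"}}
{"timestamp":"2019-11-02T10:15:09.000000+0000","event_type":"http","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","http":{"hostname":"lure-a.example","url":"/docs/budget.pdf","http_method":"GET"}}
{"timestamp":"2019-11-02T10:17:30.000000+0000","event_type":"http","src_ip":"198.51.100.7","dest_ip":"192.0.2.11","http":{"hostname":"lure-b.example","url":"/","http_method":"GET"}}
{"timestamp":"2019-11-02T10:19:42.000000+0000","event_type":"http","src_ip":"203.0.113.44","dest_ip":"192.0.2.11","http":{"hostname":"lure-b.example","url":"/login","http_method":"GET"}}
{"timestamp":"2019-11-02T10:19:43.000000+0000","event_type":"dns","src_ip":"203.0.113.44","dest_ip":"192.0.2.53"}
{"timestamp":"2019-11-02T10:20:
"""

def parse_eve(text):
    """Yield HTTP events, skipping malformed lines and other event types."""
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # partially written line, e.g. read during log rotation
        if isinstance(event, dict) and event.get("event_type") == "http" and "http" in event:
            yield event

def lure_efficacy(events):
    """Per lure hostname: request count, distinct sources, paths requested."""
    stats = defaultdict(lambda: {"requests": 0, "sources": set(), "urls": set()})
    for ev in events:
        http = ev["http"]
        entry = stats[http.get("hostname", ev.get("dest_ip", "unknown"))]
        entry["requests"] += 1
        entry["sources"].add(ev.get("src_ip"))
        entry["urls"].add(http.get("url"))
    return dict(stats)

def related_visits(events):
    """Sources seen on more than one lure: candidates for grouping together."""
    seen = defaultdict(set)
    for ev in events:
        seen[ev.get("src_ip")].add(ev["http"].get("hostname"))
    return {src: sorted(lures) for src, lures in seen.items() if len(lures) > 1}

if __name__ == "__main__":
    events = list(parse_eve(SAMPLE_EVE))
    for lure, s in lure_efficacy(events).items():
        print(lure, s["requests"], "requests from", len(s["sources"]), "sources")
    print("related:", related_visits(events))
```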