Abstract:
We present a novel solution for tracking the behaviour of an attacker and limiting their ability to compromise a cybersecurity system. The solution combines a decoy with a real system, with a Bluetooth Low Energy (BLE) controller placed in the middle, acting like a fob that opens and closes access to the server's BLE. If the first server wants to communicate with the second server, the BLE must first be activated by the BLE controller so that the two servers can communicate with one another. This is a relatively low-cost solution, and our aim is to reduce interruption to the live system, capture the attacker's position, and limit the damage the attacker can do to a live system. A second, related goal is to lower the attacker's opportunity to detect that they are being monitored. A third goal is to gather evidence of the attacker's actions that can be used for further investigation. This work is significant in that it is implemented within a real physical system for testing and evaluation, using Raspberry Pi and Arduino boards to replicate servers that communicate wirelessly. Several custom programs were written from scratch to monitor the attacker's behaviour, and Bluetooth Low Energy is used to verify users. When the device was disassembled, all of the Raspberry Pi boards, which run the Linux servers, ceased operation and were unable to communicate with other devices.