Decoy Chain: Honeypot-Driven Defense Against Shadows in the Software Supply
Abstract
The increasing sophistication of modern cyberattacks has led to the emergence of drainware attacks that leverage Command-and-Control (C2) infrastructures to remotely execute malicious activities, resulting in financial loss and unauthorized data exfiltration. Recent real-world incidents demonstrate how attackers use C2 channels to dynamically control malware behavior while remaining stealthy through encrypted and low-volume network communication. Traditional signature-based intrusion detection systems often fail to detect such attacks due to their adaptive and evasive nature. This project presents a honeypot-based mitigation framework designed to detect, analyze, and disrupt C2-driven drainware attacks. A high-interaction honeypot environment is deployed to emulate a vulnerable system, enabling the controlled capture of malicious payloads, command execution patterns, and C2 communication behavior. The honeypot collects detailed threat intelligence, including network traffic characteristics, command sequences, and data exfiltration attempts, which are further analyzed to identify attacker strategies and operational workflows. The proposed approach enables early detection of unknown and zero-day drainware attacks with minimal false positives and supports the generation of actionable mitigation strategies such as C2 endpoint blocking and behavioral rule enforcement. Experimental results indicate that the honeypot effectively exposes attacker tactics and improves situational awareness, demonstrating its potential as a proactive defense mechanism against C2-based drainware attacks.
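The abstract describes mining honeypot traffic for C2 behaviour (regular, low-volume connections) and turning the result into endpoint-blocking rules. The script below is an added illustration of that analysis step and is not code from the paper: it parses constructed honeypot connection-log lines, flags destinations contacted at a stable period with small payloads (the beaconing pattern the abstract calls low-volume communication), and renders the findings as drop rules. The log format, the thresholds (`min_connections`, `max_jitter`, `max_avg_bytes`) and the iptables-style rule output are all assumptions made for the example.

```python
"""Beacon-style C2 detection over constructed honeypot connection logs (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not from the paper). Each line records one outbound
# connection from the honeypot host: ISO timestamp, dst IP, dst port, bytes sent.
# 203.0.113.7:443 is contacted roughly every 60 s with ~500 bytes (beacon-like);
# 198.51.100.22:80 is irregular bulk traffic and should not be flagged.
SAMPLE_LOG = """\
2024-03-01T10:00:00 203.0.113.7 443 512
2024-03-01T10:00:03 198.51.100.22 80 18000
2024-03-01T10:01:00 203.0.113.7 443 530
2024-03-01T10:02:01 203.0.113.7 443 498
2024-03-01T10:02:10 198.51.100.22 80 22000
2024-03-01T10:03:00 203.0.113.7 443 515
2024-03-01T10:04:01 203.0.113.7 443 520
2024-03-01T10:05:00 203.0.113.7 443 505
2024-03-01T10:07:45 198.51.100.22 80 9000
"""


def parse_log(text):
    """Parse log lines into (timestamp, dst_ip, dst_port, bytes_out); skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            records.append((ts, parts[1], int(parts[2]), int(parts[3])))
        except ValueError:
            continue  # malformed timestamp or counters: ignore the line
    return records


def detect_beacons(records, min_connections=5, max_jitter=0.2, max_avg_bytes=2048):
    """Flag destinations contacted at regular intervals with small payloads.

    Regularity is the coefficient of variation (stdev / mean) of the gaps between
    consecutive connections; a value near zero means a stable beacon period.
    The byte threshold captures the low-volume property. All thresholds are
    illustrative assumptions, not values taken from the paper.
    """
    by_dst = defaultdict(list)
    for ts, ip, port, nbytes in records:
        by_dst[(ip, port)].append((ts, nbytes))

    findings = []
    for (ip, port), events in by_dst.items():
        if len(events) < min_connections:
            continue  # too few observations to judge periodicity
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        avg_gap = mean(gaps)
        if avg_gap <= 0:
            continue  # all connections at the same instant: not a beacon
        jitter = pstdev(gaps) / avg_gap
        avg_bytes = mean(n for _, n in events)
        if jitter <= max_jitter and avg_bytes <= max_avg_bytes:
            findings.append({
                "dst_ip": ip,
                "dst_port": port,
                "connections": len(events),
                "period_s": round(avg_gap, 1),
                "jitter": round(jitter, 3),
                "avg_bytes": round(avg_bytes),
            })
    return findings


def block_rules(findings):
    """Render suspected C2 endpoints as iptables-style OUTPUT drop rules (format is an assumption)."""
    return [
        f"-A OUTPUT -d {f['dst_ip']} -p tcp --dport {f['dst_port']} -j DROP"
        for f in findings
    ]


if __name__ == "__main__":
    found = detect_beacons(parse_log(SAMPLE_LOG))
    for finding in found:
        print(finding)
    for rule in block_rules(found):
        print(rule)
```

On the constructed log the only destination that passes both tests is 203.0.113.7:443 (six connections, 60 s period, about 513 bytes each); the bulk-transfer host is ignored because it has too few connections and irregular timing. In a real deployment the same logic would run over the honeypot's captured flow records, and the generated rules would be reviewed before enforcement, since legitimate services (NTP, update checks) also beacon.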
Keywords: Honeypot, Command Execution Patterns, Drainware Attacks