HoneyC - The Low-Interaction Client Honeypot
نویسندگان
چکیده
A honeypot is a security device that is designed to lure malicious activity to itself. Capturing such malicious activity allows for studying it to understand the operations and motivation of attackers, and subsequently helps to better secure computers and networks. A honeypot does not have any production value. ”It’s a security resource whose value lies in being probed, attacked, or compromised” [18]. Because it does not have any production value, any new activities or network traffic that comes from the honeypot indicates that it has been successfully compromised. As such, a compromise is very easy to detect on honeypots. False positives, as commonly found on traditional intrusion detection systems, do not exist on honeypots.
منابع مشابه
Design and Implementation of Linux Based Hybrid Client Honeypot Incorporating Multi Layer Detection
In current global internet cyber space, the number of targeted client side attacks are increasing that lead users to adversaries' web sites and exploit web browser vulnerabilities is increasing, therefore there is requirement of strong mechanisms to fight against these kinds of attacks. In this paper, we present the design and implementation of a client honeypot which incorporate the functional...
متن کاملYALIH, Yet Another Low Interaction Honeyclient
Low-interaction honeyclients employ static detection techniques such as signatures, heuristic or anomaly detection in the identification of malicious websites. They are associated with low detection rate and failure to identify zero-day and obfuscated attacks. This paper presents a low-interaction client honeypot that employs multiple signature detection engines in combination with de-obfuscati...
متن کاملMonkey-Spider: Detecting Malicious Websites with Low-Interaction Honeyclients
Client-side attacks are on the rise: malicious websites that exploit vulnerabilities in the visitor’s browser are posing a serious threat to client security, compromising innocent users who visit these sites without having a patched web browser. Currently, there is neither a freely available comprehensive database of threats on the Web nor sufficient freely available tools to build such a datab...
متن کاملImproving exposure of intrusion deception system through implementation of hybrid honeypot
This paper presents a new design hybrid honeypot to improve the exposure aspect of intrusion deception systems and in particular, research server honeypots. A major attribute in the design of a server honeypot is its passiveness, which allows the honeypot to expose its services and passively wait to be attacked. Although passiveness of a server honeypot simplifies the analysis process by classi...
متن کاملHoneypot architectures for IPv6 networks
The decrease of available IPv4 addresses and the requirement for new features demands Internet service providers to deploy IPv6 networks. It is not a question of if, but when new network attacks will appear, which target the comparatively new network protocol. Virtual honeypots provide an important tool for the observation of assaults in computer networks. In contrast to intrusion detection sys...
متن کامل