Real-Time Emulation of Intrusion Victim in HoneyFarm
نویسندگان
چکیده
Security becomes increasingly important. However, existing security tools, almost all defensive, have many vulnerabilities which are hard to overcome because of the lack of information about hackers techniques or powerful tools to distinguish malicious traffic from the huge volume of production traffic. Although honeypots mainly aim at collecting information about hackers’ behaviors, they are not very effective in that honeypot implementers tend to block or limit hackers’ outbound connections to avoid harming non-honeypot systems, thus making honeypots easy to be fingerprinted. Additionally, the main concern is that if hackers were allowed outbound connections, they may attack the actual servers thus the honeypot could become a facilitator of the hacking crime. In this paper we present a new method to real-time emulate intrusion victims in a honeyfarm. When hackers request outbound connections, they are redirected to the intrusion victims which emulate the real targets. This method provides hackers with a less suspicious environment and reduces the risk of harming other systems.
منابع مشابه
Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach
Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...
متن کاملGQ: Realizing a System to Catch Worms in a Quarter Million Places
A key tool for detecting new worm outbreaks in their early stages is the honeyfarm, a large collection of honeypots fed Internet traffic by a “network telescope”. However, actual operation of a honeyfarm in a large-scale environment presents difficult scaling challenges. We discuss the structure and implementation of GQ, a honeyfarm system we built to analyze in real-time the scanning probes se...
متن کاملTiming-accurate Storage Emulation: Evaluating Hypothetical Storage Components in Real Computer Systems
Timing-accurate storage emulation offers a unique performance evaluation capability: the flexibility of simulation with the reality of experimental measurements. This allows a researcher to experiment with not-yet-existing storage components in the context of real systems executing real applications. As its name suggests, a timing-accurate storage emulator appears to the system to be a real sto...
متن کاملCollapsar: A VM-based honeyfarm and reverse honeyfarm architecture for network attack capture and detention
The honeypot has emerged as an effective tool to provide insights into new attacks and exploitation trends. However, a single honeypot or multiple independently operated honeypots only provide limited local views of network attacks. Coordinated deployment of honeypots in different network domains not only provides broader views, but also create opportunities of early network anomaly detection, ...
متن کاملEvading network-level emulation
Recently more and more attention has been paid to the intrusion detection systems (IDS) which don't rely on signature based detection approach. Such solutions try to increase their defense level by using heuristics detection methods like network-level emulation. This technique allows the intrusion detection systems to stop unknown threats, which normally couldn't be stopped by standard signatur...
متن کامل