INTERCEPT: high-interaction server-type honeypot based on live migration
Abstract
This paper aims at developing a honeypot system for web applications. The key idea is to employ migration techniques to create a virtual machine as a honey web server, equipping the honeypot with the same memory and block content as the real systems. Recently, web applications have been the target of numerous cyber attacks. In order to catch up with new vulnerabilities in the applications, using a honeypot system is a feasible solution. However, it might be difficult to develop a lure-able, protect-able, and deception-able honeypot for web applications. This paper analyzes the background issues of the problem and finds the missing piece toward a suitable honeypot. It also designs and implements INTERCEPT, the core component of the honeypot system for web applications, which can avoid data corruption while finishing the migration in a short time period. Finally, we discuss how to complete the missing piece.
Similar resources
Improving exposure of intrusion deception system through implementation of hybrid honeypot
This paper presents a new hybrid honeypot design to improve the exposure aspect of intrusion deception systems and, in particular, research server honeypots. A major attribute in the design of a server honeypot is its passiveness, which allows the honeypot to expose its services and passively wait to be attacked. Although passiveness of a server honeypot simplifies the analysis process by classi...
Validation of the Network-based Dictionary Attack Detection
This paper presents a study of successful dictionary attacks against an SSH server and their network-based detection. On the basis of experience in the protection of a university network, we developed a detection algorithm based on a generic SSH authentication pattern. Thanks to the network-based approach, the detection algorithm is host independent and highly scalable. We deployed a high-interacti...
Evaluation of Fingerprinting Techniques and a Windows-based Dynamic Honeypot
Server honeypots are static systems, set up to monitor attacks on research and production networks. Static honeypots are unable to represent the dynamic nature of today’s networks where different numbers of hardware devices and hosts running various operating systems are online at a particular time and frequently join and leave a network. A single static server honeypot presents a particular ope...
Amun: Automatic Capturing of Malicious Software
This paper describes the low-interaction server honeypot Amun. Through the use of emulated vulnerabilities, Amun aims at capturing malware in an automated fashion. The use of the scripting language Python, a modular design, and the possibility to write vulnerability modules in XML allow the honeypot to be easily maintained and extended to personal needs.