With the rising number of cyber threats in communication networks, there is a demand for attack analysis and the identification of new threats. Honeypots, tools for attack analysis and zero-day exploit discovery, are passive in waiting for an attacker. This paper proposes a novel approach to the effective utilization of honeypots based on cooperation between honeypots and the network in which t...

Honeypots are decoys designed to trap attackers. Once deployed, we can use honeypots to log an attacker’s activities, analyze its behavior and design new approaches to defend against it. A virtual honeypot can emulate multiple honeypots on one physical machine, and so provide great flexibility in representing one or more networks of machines. In order to operate effectively, a honeypot needs to...

Malicious software has become a major threat to computer users on the Internet today. Security researchers need to gather and analyze large sample sets to develop effective countermeasures. The setting of honeypots, which emulate vulnerable applications, is one method to collect attack code. We have proposed a dedicated hardware architecture for honeypots which allows both high-speed operation ...

This paper presents an architecture for the characterization and the classification of activities occurring in a computer. These activities are considered from a system point of view, currently dealing with information coming from SELinux system logs. Starting from system events, and following an incremental approach, this paper shows how to characterize high-level and macro activities occuring...

Honeypots are decoy cyberdefense systems placed in a network to entice malicious entities into attacking in order to waste attacker resources and learn information about attack behavior or previously unknown exploits. We focus on the strategic selection of various honeypot configurations in order to adapt to an intelligent attacker amidst a dynamic environment. In order to infiltrate networks, ...

Programmable logic controllers (PLCs) are used widely to control industrial processes and communicate with the supervisory system. Until recently, industrial operators relied on the assumption that these PLCs are isolated from the online world and hence cannot be the target of attacks. Recent events, such as the infamous Stuxnet attack directed the attention of the security and control system c...

The number of client-side attacks has grown significantly in the past few years, shifting focus away from defendable positions to a broad, poorly defended space filled with vulnerable clients. Just as honeypots enabled deep research into server-side attacks, honeyclients can permit the deep study of client-side attacks. A complement to honeypots, a honeyclient is a tool designed to mimic the be...

Today, internet and web services have become an inseparable part of our lives. Hence, ensuring continuous availability of service has become imperative to the success of any organization. But these services are often hampered by constant threats from myriad types of attacks. One such attack is called distributed denial of service attack that results in issues ranging from temporary slowdown of ...

In this paper, we propose a honeypot architecture for detecting and analyzing unknown network attacks. The main focus of our approach lies in improving the “significance” of recorded events and network traffic that need to be analyzed by a human network security operator in order to identify a new attacking pattern. Our architecture aims to achieve this goal by combining three main components: ...

Both honeypots and network telescopes are extremely powerful tools to analyze malicious network activities. In this paper we evaluate these two concepts by looking at data obtained from two such sources over a common time period. Our viewpoint is biased towards a network management perspective and we will present in this paper patterns and trends in misconfigured network devices. We will show t...