This paper presents a new hybrid honeypot archi-tecture which focuses on the coverage of large IPv6 address spaces. Results from a 15-months darknet experiment verify that attackers and researchers utilise various approaches to scan wide and unforeseeable IPv6 address ranges which cannot be managed with current honeypot solutions. The huge IPv6 address space not only makes it hard for attackers...

A honeypot apparatus, as a perspective security technology has proven itself worth deploying by various malicious records made. The next step in deploying the technology can be an independent hardware device with the incorporated honeypot behaviour. Such a solution would bring an ease in deployment together with a high throughput it would be able to support to the area of network auditing and m...

Honeypots, which are traps designed to resemble easy to compromise computer systems, have become essential tools for security professionals and researchers because of their significant contribution in disclosing the underworld of cybercirmes. However, recent years have witnessed the development of several anti-honeypot technologies. Botmasters can exploit the fact that honeypots should not part...

Information security communities are always talking about ”attackers” or “blackhats”, but in reality very little is known about their skills. The idea of studying attacker behaviors was pioneered in the early nineties. In the last decade the number of attacks has increased exponentially and honeypots were introduced in order to gather information about attackers and to develop early-warning sys...

Honeypots are network surveillance architectures designed to resemble easy-to-compromise computer systems. They are deployed with the aim to trap hackers in order to help security professionals capture, control, and analyze malicious Internet attacks and other activities of hackers. A botnet is an army of compromised computers controlled by a bot herder and used for illicit financial gain. Botn...

Honeypots are more and more used to collect data on malicious activities on the Internet and to better understand the strategies and techniques used by attackers to compromise target systems. Analysis and modeling methodologies are needed to support the characterization of attack processes based on the data collected from the honeypots. This paper presents some empirical analyses based on the d...

We analyze the increasing threats against IoT devices. We show that Telnet-based attacks that target IoT devices have rocketed since 2014. Based on this observation, we propose an IoT honeypot and sandbox, which attracts and analyzes Telnet-based attacks against various IoT devices running on different CPU architectures such as ARM, MIPS, and PPC. By analyzing the observation results of our hon...

This research in progress paper explores the use of Graphviz and Afterglow for the analysis of data emanating from a honeypot system. Honeypot systems gather a wide range of data that is often difficult to readily search for patterns and trends using conventional log file analysis techniques. The data from the honeypots has been statically extracted and processed through Afterglow scripts to pr...