An Analysis of Honeypot Programs and the Attack Data Collected

  • Conference paper
Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security (ICGS3 2015)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 534)

Included in the following conference series:

  • International Conference on Global Security, Safety, and Sustainability

Abstract

Honeypots are computers specifically deployed to be a resource that is expected to be attacked or compromised. While the attacker is distracted with the decoy computer system, we learn about the attacker and their methods of attack. From the information gained about the attacks we can then review and harden our security systems. Compared to an Intrusion Detection System (IDS), which may trigger false positives, we take the standpoint that nobody ought to be interacting with the decoy computer; therefore we regard all interactions to be of value and worth investigation. A sample of honeypots is evaluated and one selected to collect attacks. The captured attacks reveal the source IP address of the attacker and the service port under attack. Where an exploit attempts to deploy a binary, the honeypot can capture the code and automatically submit it for analysis to sandboxes such as VirusTotal.


Acknowledgements

Thanks to Ameer Al-Nemrat, University of East London for encouragement on developing this paper and support from the Computing and Media Services team at the University of St Mark & St John. Finally, thank you to the editors and peer reviewers for their time, expertise and guidance on this paper.

Corresponding author

Correspondence to Chris Moore.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Moore, C., Al-Nemrat, A. (2015). An Analysis of Honeypot Programs and the Attack Data Collected. In: Jahankhani, H., Carlile, A., Akhgar, B., Taal, A., Hessami, A., Hosseinian-Far, A. (eds) Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security. ICGS3 2015. Communications in Computer and Information Science, vol 534. Springer, Cham. https://doi.org/10.1007/978-3-319-23276-8_20

  • DOI: https://doi.org/10.1007/978-3-319-23276-8_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23275-1

  • Online ISBN: 978-3-319-23276-8

  • eBook Packages: Computer Science, Computer Science (R0)
