Abstract
Honeypots are computers specifically deployed to be a resource that is expected to be attacked or compromised. While the attacker is distracted with the decoy computer system, we learn about the attacker and their methods of attack. From the information gained about the attacks, we can then review and harden our security systems. Compared to an Intrusion Detection System (IDS), which may trigger false positives, we take the standpoint that nobody ought to be interacting with the decoy computer; therefore we regard all interactions to be of value and worth investigation. A sample of honeypots is evaluated and one is selected to collect attacks. The captured attacks reveal the source IP address of the attacker and the service port under attack. Where an exploit attempts to deploy a binary, the honeypot can capture the code and automatically submit it for analysis to sandboxes such as VirusTotal.
Acknowledgements
Thanks to Ameer Al-Nemrat, University of East London for encouragement on developing this paper and support from the Computing and Media Services team at the University of St Mark & St John. Finally, thank you to the editors and peer reviewers for their time, expertise and guidance on this paper.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Moore, C., Al-Nemrat, A. (2015). An Analysis of Honeypot Programs and the Attack Data Collected. In: Jahankhani, H., Carlile, A., Akhgar, B., Taal, A., Hessami, A., Hosseinian-Far, A. (eds) Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security. ICGS3 2015. Communications in Computer and Information Science, vol 534. Springer, Cham. https://doi.org/10.1007/978-3-319-23276-8_20
DOI: https://doi.org/10.1007/978-3-319-23276-8_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23275-1
Online ISBN: 978-3-319-23276-8
eBook Packages: Computer Science (R0)