Real-Time Emulation of Intrusion Victim in HoneyFarm

  • Xing-Yun He
  • Kwok-Yan Lam
  • Siu-Leung Chung
  • Chi-Hung Chi
  • Jia-Guang Sun
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3309)


Security becomes increasingly important. However, existing security tools, almost all defensive, have many vulnerabilities which are hard to overcome because of the lack of information about hackers techniques or powerful tools to distinguish malicious traffic from the huge volume of production traffic. Although honeypots mainly aim at collecting information about hackers’ behaviors, they are not very effective in that honeypot implementers tend to block or limit hackers’ outbound connections to avoid harming non-honeypot systems, thus making honeypots easy to be fingerprinted. Additionally, the main concern is that if hackers were allowed outbound connections, they may attack the actual servers thus the honeypot could become a facilitator of the hacking crime. In this paper we present a new method to real-time emulate intrusion victims in a honeyfarm. When hackers request outbound connections, they are redirected to the intrusion victims which emulate the real targets. This method provides hackers with a less suspicious environment and reduces the risk of harming other systems.


Honeypot intrusion interception proxy reverse firewall 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Spitzner, L.: Honeypots Definitions and Value of Honeypots, May 29 (2003),
  2. 2.
    Spitzner, L.: Honeypots: Tracking Hackers. Addison-Wesley, Boston (2002)Google Scholar
  3. 3.
    Spitzner, L.: Know Your Enemy: Sebek2 A kernel based data capture tool, September 13 (2003),
  4. 4.
    Spitzner, L.: Hitting the Sweet Spot (July 2003)Google Scholar
  5. 5.
  6. 6.
    Wessels, D.: Web Caching. The O’REILLY press, Sebastopol (November 2002)Google Scholar
  7. 7.
    Rabinovich, M., Spatscheck, O.: Web Caching and Replication, ch. 8. Addison Wesley, Reading (2002)Google Scholar
  8. 8.
    Davison, B.D., Rurgers: A Web Caching Primer. IEEE Internet Computing 5, 38–45 (2001)CrossRefGoogle Scholar
  9. 9.
    Barish, G., Obraczka, K.: World Wide Web Caching: Trends and Techniques. IEEE Communications Magazine Internet Technology Series (May 2000)Google Scholar
  10. 10.
    Zeng, D., Wang, F.-Y., Liu, M.: Efficient Web Content Delivery Using Proxy Caching Techniques. IEEE Transactions on Systems, Man, and Cybernetics—Part C: Applications and Reviews 34(3) (August 2004)Google Scholar
  11. 11.
    Wang, J.: A Survey of Web Caching Schemes for the Internet. ACM Computer Communication Review 29(5), 36–46 (1999)CrossRefGoogle Scholar
  12. 12.
    Malpani, R., Lorch, J., Berger, D.: Making World Wide Web Caching Servers Cooperate. In: Proceedings of the 4th International WWW Conference, Boston, MA (December 1995),
  13. 13.
    Kroeger, T.M., Long, D.D.E., Mogul, J.C.: Exploring the Bounds of Web Latency Reduction from Caching and Prefetching. In: Proceedings of the Symposium on Internet Technologies and Systems (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Xing-Yun He
    • 1
  • Kwok-Yan Lam
    • 1
  • Siu-Leung Chung
    • 2
  • Chi-Hung Chi
    • 3
  • Jia-Guang Sun
    • 1
  1. 1.School of SoftwareTsinghua UniversityBeijingP.R. China
  2. 2.School of Business AdministrationThe Open University of Hong Kong 
  3. 3.School of ComputingNational University of Singapore 

Personalised recommendations