Real-Time Emulation of Intrusion Victim in HoneyFarm
Security is becoming increasingly important. However, existing security tools, almost all of them defensive, have many vulnerabilities that are hard to overcome, owing to the lack of information about hackers' techniques and of powerful tools for distinguishing malicious traffic from the huge volume of production traffic. Although honeypots mainly aim at collecting information about hackers' behaviors, they are not very effective, because honeypot implementers tend to block or limit hackers' outbound connections to avoid harming non-honeypot systems, which makes honeypots easy to fingerprint. Additionally, the main concern is that if hackers were allowed outbound connections, they might attack actual servers, and the honeypot could thus become a facilitator of the hacking crime. In this paper we present a new method for emulating intrusion victims in real time in a honeyfarm. When hackers request outbound connections, they are redirected to the intrusion victims, which emulate the real targets. This method provides hackers with a less suspicious environment and reduces the risk of harming other systems.
Keywords: Honeypot, intrusion, interception proxy, reverse firewall