Research on Honeypot Protection Technology Based on Rootkit

  • Ming Wang
  • Xiangrong Wang
  • Zhengqiu Lu
  • Meng Chen
  • Qingzhang Chen
Conference paper

Abstract

Based on an analysis of the main current types of honeypot and antihoneypot technologies, the author proposes a Rootkit-based method to strengthen the self-protection of a honeypot system, and discusses how to hide and protect the honeypot system in four respects: honeypot process protection, log data protection, antihoneypot scan, and honeypot process restart. The honeypot protection technology proposed in this chapter keeps the honeypot system from being easily attacked, captured, and identified by invaders. Even if the honeypot is captured, the technology effectively guarantees that control of the honeypot's host system will not be easily captured by invaders. Even if system control is captured by invaders, the important data produced and recorded by the honeypot will not be easily detected and destroyed by them, which greatly enhances the security of the honeypot system. This chapter aims to delay invaders' attacks as much as possible, to avoid misuse of a captured honeypot as a basis for invaders to attack the next target, and to provide a new research idea for the upcoming contest between honeypot and antihoneypot technology. Experimental results show that the proposed honeypot protection technology can effectively protect against honeypot capture.

Keywords

  • Honeypot
  • Antihoneypot
  • Rootkit
  • Information safety
  • Network attack

Copyright information

© Springer Science+Business Media, LLC 2012

Authors and Affiliations

  • Ming Wang (1)
  • Xiangrong Wang (1)
  • Zhengqiu Lu (1)
  • Meng Chen (2)
  • Qingzhang Chen (3)

  1. Ningbo Dahongying University, Ningbo, China
  2. Ningbo University of Technology, Ningbo, China
  3. Zhejiang University of Technology, Hangzhou, China