Advertisement

Modeling Malware-driven Honeypots

  • Gerardo FernandezEmail author
  • Ana Nieto
  • Javier Lopez
Conference paper
  • 713 Downloads
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10442)

Abstract

In this paper we propose the Hogney architecture for the deployment of malware-driven honeypots. This new concept refers to honeypots that have been dynamically configured according to the environment expected by malware. The adaptation mechanism designed here is built on services that offer up-to-date and relevant intelligence information on current threats. Thus, the Hogney architecture takes advantage of recent Indicators Of Compromise (IOC) and information about suspicious activity currently being studied by analysts. The information gathered from these services is then used to adapt honeypots to fulfill malware requirements, inviting them to unleash their full strength.

Keywords

Honeypot Malware Adaptive Dynamic Intelligence IOC 

Notes

Acknowledgments

This work has been funded by Junta de Andalucia through the project FISICCO (TIC-07223), and by the Spanish Ministry of Economy and Competitiveness through the project IoTest (TIN2015-72634-EXP/AEI).

References

  1. 1.
    Internet security threat report: vol. 21, Symantec, Technical report, 2016, April 2016Google Scholar
  2. 2.
    SentinelOne: Sentinelone ransomware research data summary (2017). https://go.sentinelone.com/rs/327-MNM-087/images/Data%20Summary%20-%20English.pdf
  3. 3.
  4. 4.
    Nawrocki, M., Wählisch, M., Schmidt, T.C.: A Survey on Honeypot Software and Data Analysis. arXiv.org, vol. 10, pp. 63–75 (2016)
  5. 5.
    Pa, Y.M.P., Suzuki, S., Yoshioka, K., Matsumoto, T., Kasama, T., Rossow, C.: IoTPOT - a novel honeypot for revealing current IoT threats. JIP 24(3), 522–533 (2016)Google Scholar
  6. 6.
    Pauna, A., Patriciu, V.V.: CASSHH – case adaptive SSH honeypot. In: Martínez Pérez, G., Thampi, S.M., Ko, R., Shu, L. (eds.) SNDS 2014. CCIS, vol. 420, pp. 322–333. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-54525-2_29 CrossRefGoogle Scholar
  7. 7.
    Wagener, G., State, R., Engel, T.: Adaptive and self-configurable honeypots. In: Integrated Network Management (IM) (2011)Google Scholar
  8. 8.
    Guarnizo, J., Tambe, A.. Bhunia, S.S., Ochoa, M., Tippenhauer, N.O., Shabtai, A., Elovici, Y.: SIPHON - Towards Scalable High-Interaction Physical Honeypots. CoRR, vol. cs.CR (2017)Google Scholar
  9. 9.
    Fan, W., Fernández, D., Du, Z.: Adaptive and flexible virtual honeynet. In: Boumerdassi, S., Bouzefrane, S., Renault, É. (eds.) MSPN 2015. LNCS, vol. 9395, pp. 1–17. Springer, Cham (2015). doi: 10.1007/978-3-319-25744-0_1 CrossRefGoogle Scholar
  10. 10.
    Wagner, C., Dulaunoy, A., Wagener, G., Iklody, A.: Misp: the design and implementation of a collaborative threat intelligence sharing platform. In: Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security, pp. 49–56. ACM (2016)Google Scholar
  11. 11.
    G. Inc.: Virus total intelligence (2017). https://www.virustotal.com
  12. 12.
    Porcello, J.: Navigating and Visualizing the Malware Intelligence Space, pp. 1–7, November 2012Google Scholar
  13. 13.
    Hungenberg, T., Eckert, M.: Internet services simulation suite (2014). http://www.inetsim.org
  14. 14.
    Guarnieri, C., Tanasi, A., Bremer, J., Schloesser, M.: The cuckoo sandbox (2012)Google Scholar
  15. 15.
    Angrishi, K.: Turning internet of things (IoT) into internet of vulnerabilities (IoV): Iot botnets, February 2017Google Scholar
  16. 16.
    Bellard, F.: Qemu, a fast and portable dynamic translator. In: USENIX Annual Technical Conference, FREENIX Track, pp. 41–46 (2005)Google Scholar
  17. 17.
    Critical Stack Inc.: Critical stack intel // feed (2017). https://intel.criticalstack.com
  18. 18.
    Payload Security.: Free automated malware analysis service (2017). https://www.hybrid-analysis.com
  19. 19.
    Ramilli, M.: A machine learning dataset for everyone (2016). http://marcoramilli.blogspot.com.es/2016/12/malware-training-sets-machine-learning.html
  20. 20.
    Trinius, P., Willems, C., Holz, T., Rieck, K.: A Malware Instruction Set for Behavior-Based Analysis. Sicherheit (2010)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Network, Information and Computer Security (NICS) Lab, Department of Computer ScienceUniversity of MalagaMalagaSpain

Personalised recommendations