Modeling Malware-driven Honeypots

Part of the Lecture Notes in Computer Science book series (LNSC, volume 10442)


In this paper we propose the Hogney architecture for the deployment of malware-driven honeypots. This new concept refers to honeypots that have been dynamically configured according to the environment expected by malware. The adaptation mechanism designed here is built on services that offer up-to-date and relevant intelligence information on current threats. Thus, the Hogney architecture takes advantage of recent Indicators Of Compromise (IOC) and information about suspicious activity currently being studied by analysts. The information gathered from these services is then used to adapt honeypots to fulfill malware requirements, inviting them to unleash their full strength.


  • Honeypot
  • Malware
  • Adaptive
  • Dynamic
  • Intelligence
  • IOC



This work has been funded by Junta de Andalucia through the project FISICCO (TIC-07223), and by the Spanish Ministry of Economy and Competitiveness through the project IoTest (TIN2015-72634-EXP/AEI).

Author information

Corresponding author

Correspondence to Gerardo Fernandez.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Fernandez, G., Nieto, A., Lopez, J. (2017). Modeling Malware-driven Honeypots. In: Lopez, J., Fischer-Hübner, S., Lambrinoudakis, C. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2017. Lecture Notes in Computer Science, vol 10442. Springer, Cham.

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64482-0

  • Online ISBN: 978-3-319-64483-7

  • eBook Packages: Computer Science, Computer Science (R0)