Skip to main content
SpringerLink
Log in
Book cover

International Conference on Trust and Privacy in Digital Business

TrustBus 2017: Trust, Privacy and Security in Digital Business pp 130–144Cite as

Modeling Malware-driven Honeypots

Part of the Lecture Notes in Computer Science book series (LNSC,volume 10442)

Abstract

In this paper we propose the Hogney architecture for the deployment of malware-driven honeypots. This new concept refers to honeypots that have been dynamically configured according to the environment expected by malware. The adaptation mechanism designed here is built on services that offer up-to-date and relevant intelligence information on current threats. Thus, the Hogney architecture takes advantage of recent Indicators Of Compromise (IOC) and information about suspicious activity currently being studied by analysts. The information gathered from these services is then used to adapt honeypots to fulfill malware requirements, inviting them to unleash their full strength.

Keywords

  • Honeypot
  • Malware
  • Adaptive
  • Dynamic
  • Intelligence
  • IOC

This is a preview of subscription content, access via your institution.

References

  1. Internet security threat report: vol. 21, Symantec, Technical report, 2016, April 2016

    Google Scholar 

  2. SentinelOne: Sentinelone ransomware research data summary (2017). https://go.sentinelone.com/rs/327-MNM-087/images/Data%20Summary%20-%20English.pdf

  3. Cymmetria: Mirai open source iot honeypot (2016). http://blog.cymmetria.com/mirai-open-source-iot-honeypot-new-cymmetria-research-release

  4. Nawrocki, M., Wählisch, M., Schmidt, T.C.: A Survey on Honeypot Software and Data Analysis. arXiv.org, vol. 10, pp. 63–75 (2016)

  5. Pa, Y.M.P., Suzuki, S., Yoshioka, K., Matsumoto, T., Kasama, T., Rossow, C.: IoTPOT - a novel honeypot for revealing current IoT threats. JIP 24(3), 522–533 (2016)

    Google Scholar 

  6. Pauna, A., Patriciu, V.V.: CASSHH – case adaptive SSH honeypot. In: Martínez Pérez, G., Thampi, S.M., Ko, R., Shu, L. (eds.) SNDS 2014. CCIS, vol. 420, pp. 322–333. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54525-2_29

    CrossRef  Google Scholar 

  7. Wagener, G., State, R., Engel, T.: Adaptive and self-configurable honeypots. In: Integrated Network Management (IM) (2011)

    Google Scholar 

  8. Guarnizo, J., Tambe, A.. Bhunia, S.S., Ochoa, M., Tippenhauer, N.O., Shabtai, A., Elovici, Y.: SIPHON - Towards Scalable High-Interaction Physical Honeypots. CoRR, vol. cs.CR (2017)

    Google Scholar 

  9. Fan, W., Fernández, D., Du, Z.: Adaptive and flexible virtual honeynet. In: Boumerdassi, S., Bouzefrane, S., Renault, É. (eds.) MSPN 2015. LNCS, vol. 9395, pp. 1–17. Springer, Cham (2015). doi:10.1007/978-3-319-25744-0_1

    CrossRef  Google Scholar 

  10. Wagner, C., Dulaunoy, A., Wagener, G., Iklody, A.: Misp: the design and implementation of a collaborative threat intelligence sharing platform. In: Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security, pp. 49–56. ACM (2016)

    Google Scholar 

  11. G. Inc.: Virus total intelligence (2017). https://www.virustotal.com

  12. Porcello, J.: Navigating and Visualizing the Malware Intelligence Space, pp. 1–7, November 2012

    Google Scholar 

  13. Hungenberg, T., Eckert, M.: Internet services simulation suite (2014). http://www.inetsim.org

  14. Guarnieri, C., Tanasi, A., Bremer, J., Schloesser, M.: The cuckoo sandbox (2012)

    Google Scholar 

  15. Angrishi, K.: Turning internet of things (IoT) into internet of vulnerabilities (IoV): Iot botnets, February 2017

    Google Scholar 

  16. Bellard, F.: Qemu, a fast and portable dynamic translator. In: USENIX Annual Technical Conference, FREENIX Track, pp. 41–46 (2005)

    Google Scholar 

  17. Critical Stack Inc.: Critical stack intel // feed (2017). https://intel.criticalstack.com

  18. Payload Security.: Free automated malware analysis service (2017). https://www.hybrid-analysis.com

  19. Ramilli, M.: A machine learning dataset for everyone (2016). http://marcoramilli.blogspot.com.es/2016/12/malware-training-sets-machine-learning.html

  20. Trinius, P., Willems, C., Holz, T., Rieck, K.: A Malware Instruction Set for Behavior-Based Analysis. Sicherheit (2010)

    Google Scholar 

Download references

Acknowledgments

This work has been funded by Junta de Andalucia through the project FISICCO (TIC-07223), and by the Spanish Ministry of Economy and Competitiveness through the project IoTest (TIN2015-72634-EXP/AEI).

Author information

Authors and Affiliations

  1. Network, Information and Computer Security (NICS) Lab, Department of Computer Science, University of Malaga, Malaga, Spain

    Gerardo Fernandez, Ana Nieto & Javier Lopez

Authors
  1. Gerardo Fernandez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ana Nieto
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Javier Lopez
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Gerardo Fernandez .

Editor information

Editors and Affiliations

  1. University of Malaga, Malaga, Spain

    Javier Lopez

  2. Karlstad University, Karlstad, Sweden

    Simone Fischer-Hübner

  3. University of Piraeus, Piraeus, Greece

    Costas Lambrinoudakis

Rights and permissions

Reprints and Permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Fernandez, G., Nieto, A., Lopez, J. (2017). Modeling Malware-driven Honeypots. In: Lopez, J., Fischer-Hübner, S., Lambrinoudakis, C. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2017. Lecture Notes in Computer Science(), vol 10442. Springer, Cham. https://doi.org/10.1007/978-3-319-64483-7_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-64483-7_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64482-0

  • Online ISBN: 978-3-319-64483-7

  • eBook Packages: Computer ScienceComputer Science (R0)

search

Navigation