Abstract
Most of computer security systems use the signatures of well-known attacks to detect hackers’ attacks. For these systems, it is very important to get the accurate signatures of new attacks as soon as possible. For this reason, there have been several researches on honeypots. However, honeypots can not collect information about hackers attacking active computers except themselves. In this paper, we propose the DecoyPort system to redirect hackers toward honeypots. The DecoyPort system creates the DecoyPorts on active computers. All interactions with the DecoyPorts are considered as suspect because the ports are not those for real services. Accordingly, every request sent to the DecoyPorts is redirected to honeypots by the DecoyPort system. Consequently, our system enables honeypots to collect information about hackers attacking active computers except themselves.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Roesch, M.: Snort-Lightweight Intrusion Detection for Networks. In: Proceedings of the LISA 1999:13th Systems Administration Conference, pp. 229–238 (1999)
Laing, B., Alderson, J.: How to Guide: Implementing a Network Based Intrusion Detection System. Internet Security Systems (2000), http://www.snort.org/docs/iss-placement.pdf
Spitzner, L.: Know Your Enemy: Sebek2 A Kernel Based Data Capture Tool (2003), http://www.honeynet.org/
He, X.-Y., Lam, K.-Y., Chung, S.-L., Chi, C.-H., Sun, J.-G.: Real-Time Emulation of Intrusion Victim in HoneyFarm. In: Chi, C.-H., Lam, K.-Y. (eds.) AWCC 2004. LNCS, vol. 3309, pp. 143–154. Springer, Heidelberg (2004)
Kim, M., Kim, M., Mun, Y.: Design and Implementation of the HoneyPot System with Focusing on the Session Redirection. In: Laganà, A., Gavrilova, M., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3043, pp. 262–269. Springer, Heidelberg (2004)
John, G., Levine, J.B., Grizzard, H.L.: Owen: Using Honeynets to Protect Large Enterprise Networks. IEEE Security and Privacy 2, 74–75 (2004)
Spitzner, L.: Honeypots: Tracking Hackers. Addison-Wesley, Reading (2003)
Spitzner, L.: Honeypot Farms (2003), http://www.securityfocus.com/infocus/1720
Werner, T.: honeytrap - trap attacks against tcp services, http://honeytrap.sourceforge.net/start.html
Fyodor,: The Art of Port Scanning. Phrack Magazine 7(51) Article 11 (1997)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, I., Kim, M. (2007). The DecoyPort: Redirecting Hackers to Honeypots. In: Enokido, T., Barolli, L., Takizawa, M. (eds) Network-Based Information Systems. NBiS 2007. Lecture Notes in Computer Science, vol 4658. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74573-0_7
Download citation
DOI: https://doi.org/10.1007/978-3-540-74573-0_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74572-3
Online ISBN: 978-3-540-74573-0
eBook Packages: Computer ScienceComputer Science (R0)