Conference Paper

Design and Implementation of the HoneyPot System with Focusing on the Session Redirection

DOI: 10.1007/978-3-540-24707-4_33 Conference: Computational Science and Its Applications - ICCSA 2004, International Conference, Assisi, Italy, May 14-17, 2004, Proceedings, Part I
Source: DBLP


In this paper, we implement a HoneyPot system equipped with several sub systems for their use. Obtaining the new knowledge
on the access skills of intruder allows us to make a policy more precisely and quickly to protect a system from the new attacks.
Our implementation presents an HoneyPot System cooperates with firewall and management server. In this system, firewall redirects
a session from an abnormal user to HoneyPot to learn the advanced intrusion skills and to respond more effectively.

16 Reads
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: A honeypot is a security resource whose value lies in being attack. It collects data regarding the attack strategies and tools of hackers. However, the honeypot is normally located at a single point, and the possibility is small that a hacker will attack it. Unused ports-based decoy systems which gather data about hackers activities have been developed to complement honeypots. However, the systems have some problems to be deployed in actual environment. In this paper, we propose an agent-based system which enhances shortcomings of the unused ports-based decoy systems. It makes honeypot gather more information regarding hacker activities and protects clients from attacks. Moreover, the proposed system can increase the chance of tracking hackers activities without wasting additional IP addresses and computer hardwares.
    01/2007; 17(5).
  • [Show abstract] [Hide abstract]
    ABSTRACT: Most of computer security systems use the signatures of well-known attacks to detect hackers’ attacks. For these systems, it is very important to get the accurate signatures of new attacks as soon as possible. For this reason, there have been several researches on honeypots. However, honeypots can not collect information about hackers attacking active computers except themselves. In this paper, we propose the DecoyPort system to redirect hackers toward honeypots. The DecoyPort system creates the DecoyPorts on active computers. All interactions with the DecoyPorts are considered as suspect because the ports are not those for real services. Accordingly, every request sent to the DecoyPorts is redirected to honeypots by the DecoyPort system. Consequently, our system enables honeypots to collect information about hackers attacking active computers except themselves.
    Network-Based Information Systems, First International Conference, NBiS 2007, Regensburg, Germany, September 3-7, 2007, Proceedings; 09/2007
  • [Show abstract] [Hide abstract]
    ABSTRACT: Our contribution through this paper is to provide a novel approach for securing hosts inside the home network using predictive attack detection and honeypots. We have given a unique method to secure hosts inside the home network. After securing these hosts we redirect attacker traffic to honeypots for further analysis. Our system also offers techniques to roam an attacker over multiple installed honeypots. This in turn helps to load share the attack traffic between honeypots and to record maximum number of attacks. This method also helps to address key problem of determining honeypot location for maximum attack exposure.
    Innovations in Information Technology (IIT), 2013 9th International Conference on; 03/2013
Show more