Conference Paper

Design and Implementation of the HoneyPot System with Focusing on the Session Redirection.

DOI: 10.1007/978-3-540-24707-4_33 Conference: Computational Science and Its Applications - ICCSA 2004, International Conference, Assisi, Italy, May 14-17, 2004, Proceedings, Part I
Source: DBLP

ABSTRACT In this paper, we implement a HoneyPot system equipped with several sub systems for their use. Obtaining the new knowledge
on the access skills of intruder allows us to make a policy more precisely and quickly to protect a system from the new attacks.
Our implementation presents an HoneyPot System cooperates with firewall and management server. In this system, firewall redirects
a session from an abnormal user to HoneyPot to learn the advanced intrusion skills and to respond more effectively.

  • [Show abstract] [Hide abstract]
    ABSTRACT: Most of computer security systems use the signatures of well-known attacks to detect hackers’ attacks. For these systems, it is very important to get the accurate signatures of new attacks as soon as possible. For this reason, there have been several researches on honeypots. However, honeypots can not collect information about hackers attacking active computers except themselves. In this paper, we propose the DecoyPort system to redirect hackers toward honeypots. The DecoyPort system creates the DecoyPorts on active computers. All interactions with the DecoyPorts are considered as suspect because the ports are not those for real services. Accordingly, every request sent to the DecoyPorts is redirected to honeypots by the DecoyPort system. Consequently, our system enables honeypots to collect information about hackers attacking active computers except themselves.
    Network-Based Information Systems, First International Conference, NBiS 2007, Regensburg, Germany, September 3-7, 2007, Proceedings; 01/2007