Conference Paper

Design and Implementation of the HoneyPot System with Focusing on the Session Redirection

DOI: 10.1007/978-3-540-24707-4_33 Conference: Computational Science and Its Applications - ICCSA 2004, International Conference, Assisi, Italy, May 14-17, 2004, Proceedings, Part I
Source: DBLP


In this paper, we implement a HoneyPot system equipped with several sub systems for their use. Obtaining the new knowledge
on the access skills of intruder allows us to make a policy more precisely and quickly to protect a system from the new attacks.
Our implementation presents an HoneyPot System cooperates with firewall and management server. In this system, firewall redirects
a session from an abnormal user to HoneyPot to learn the advanced intrusion skills and to respond more effectively.

1 Follower
14 Reads
  • [Show abstract] [Hide abstract]
    ABSTRACT: Most of computer security systems use the signatures of well-known attacks to detect hackers’ attacks. For these systems, it is very important to get the accurate signatures of new attacks as soon as possible. For this reason, there have been several researches on honeypots. However, honeypots can not collect information about hackers attacking active computers except themselves. In this paper, we propose the DecoyPort system to redirect hackers toward honeypots. The DecoyPort system creates the DecoyPorts on active computers. All interactions with the DecoyPorts are considered as suspect because the ports are not those for real services. Accordingly, every request sent to the DecoyPorts is redirected to honeypots by the DecoyPort system. Consequently, our system enables honeypots to collect information about hackers attacking active computers except themselves.
    Network-Based Information Systems, First International Conference, NBiS 2007, Regensburg, Germany, September 3-7, 2007, Proceedings; 09/2007
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: A honeypot is a security resource whose value lies in being attack. It collects data regarding the attack strategies and tools of hackers. However, the honeypot is normally located at a single point, and the possibility is small that a hacker will attack it. Unused ports-based decoy systems which gather data about hackers activities have been developed to complement honeypots. However, the systems have some problems to be deployed in actual environment. In this paper, we propose an agent-based system which enhances shortcomings of the unused ports-based decoy systems. It makes honeypot gather more information regarding hacker activities and protects clients from attacks. Moreover, the proposed system can increase the chance of tracking hackers activities without wasting additional IP addresses and computer hardwares.
    01/2007; 17(5).
  • [Show abstract] [Hide abstract]
    ABSTRACT: Dynamic analysis is typically performed in a closed network environment to prevent the malware under analysis from attacking machines on the Internet. However, many of today's malwares require Internet connectivity to operate and to be thoroughly analyzed in a closed network environment. We propose a secure and transparent network environment that allows the malware in a dynamic analysis environment to have seemingly unrestricted Internet access in a secure manner. Our environment transparently dispatches malicious network traffic to compatible decoys while allowing harmless control traffic to have Internet access. We use 12 real-world malware samples, which involve Internet connections, to evaluate the effectiveness of the proposed environment. The evaluation shows that the proposed environment can allow malware to exhibit more network activities than a closed network environment and can even outperform the baseline open network environment in some cases. In the meantime, Internet security is maintained by the dispatching of attack and propagation traffic to decoys inside the analysis environment. Copyright © 2013 John Wiley & Sons, Ltd.
    Security and Communication Networks 03/2014; 7(3). DOI:10.1002/sec.764 · 0.72 Impact Factor