
High-Interaction Linux Honeypot Architecture in Recent Perspective

Conference paper. Computer Networks (CN 2016).

Part of the book series: Communications in Computer and Information Science (CCIS, volume 608)

Abstract

High-interaction honeypots, which offer attackers a virtually unlimited set of OS services, are necessary to capture the most sophisticated human-made attacks for further analysis. Unfortunately, this field is not covered by recent publications. The paper first analyses existing approaches and available open-source solutions that can be used to build high-interaction honeypots. The most promising approach is then chosen and the best applicable tools are combined. Finally, the setup is tested and its usefulness is shown.




Acknowledgment

The paper was supported by the project Application of fuzzy methods for system analysis, description, prediction and control No. SGS02/ AVAFM/16 of the Student Grant Competition of the University of Ostrava.

Author information

Corresponding author: Tomas Sochor.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Sochor, T., Zuzcak, M. (2016). High-Interaction Linux Honeypot Architecture in Recent Perspective. In: Gaj, P., Kwiecień, A., Stera, P. (eds) Computer Networks. CN 2016. Communications in Computer and Information Science, vol 608. Springer, Cham. https://doi.org/10.1007/978-3-319-39207-3_11

  • DOI: https://doi.org/10.1007/978-3-319-39207-3_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-39206-6

  • Online ISBN: 978-3-319-39207-3

  • eBook Packages: Computer Science, Computer Science (R0)