Improving exposure of intrusion deception system through implementation of hybrid honeypot

Mansoori, Masood and Zakaria, Omar and Gani, Abdullah (2012) Improving exposure of intrusion deception system through implementation of hybrid honeypot. The International Arab Journal of Information Technology, 9 (5). pp. 436-444. ISSN 1683-3198,

[img]
Preview
 PDF
2012_Improving_Exposure_of_intrusion_deception_system_through_implementation_of_hybrid_honeypot.pdf
Download (222kB)
Official URL: http://iajit.org/PDF/vol.9,no.5/2937-5.pdf

Abstract

This paper presents a new design hybrid honeypot to improve the exposure aspect of intrusion deception systems and in particular, research server honeypots. A major attribute in the design of a server honeypot is its passiveness, which allows the honeypot to expose its services and passively wait to be attacked. Although passiveness of a server honeypot simplifies the analysis process by classifying traffics as malicious, however it also lessens its ability to lure attackers through exposure of vulnerable service. As a result it captures smaller amount of data on attacks for analysis. Client honeypot designs, on the other hand, contain modules that actively interact with outside networks, expose vulnerabilities in client side software, and identify malicious content, hosted on webservers. The proposed hybrid system integrates active module concept of a client honeypot into a server honeypot. The active module interacts with webservers utilising a custom crawler and browser, publicises the honeypot�s IP address and therefore improves exposure of server honeypot's vulnerable services. The findings presented in this paper show that interaction with webservers improves exposure, and results in significantly higher number of attacks, which in turn, increases the probability of discovering new threats. The findings also characterise most attacks to be worm based and directed at Windows based hosts and services.

Item Type: Article
Funders: UNSPECIFIED
Uncontrolled Keywords: IDS; Server honeypot; Client honeypot; Hybrid honeypot
Subjects: T Technology > T Technology (General)
Divisions: Faculty of Computer Science & Information Technology
Depositing User: Ms Maisarah Mohd Muksin
Date Deposited: 15 Jan 2013 02:19
Last Modified: 12 Oct 2018 01:22
URI: http://eprints.um.edu.my/id/eprint/4462

Actions (login required)

View Item View Item
UM Research Repository is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.