Publication:
Assessing the effects of honeypots on cyber-attackers

Loading...
Thumbnail Image
Authors
Lim, Sze Li Harry
Subjects
Advisors
Rowe, Neil C.
Date of Issue
2006-12
Date
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
A honeypot is a non-production system, design to interact with cyber-attackers to collect intelligence on attack techniques and behaviors. While the security community is reaping fruits of this collection tool, the hacker community is increasingly aware of this technology. In response, they develop anti-honeypot technology to detect and avoid honeypots. Prior to the discovery of newer intelligence collection tools, we need to maintain the relevancy of honeypot. Since the development of anti-honeypot technology indicates the deterrent effect of honeypot, we can capitalize on this deterrent effect to develop fake honeypot. Fake honeypot is real production system with deterring characteristics of honeypot that induces the avoidance behavior of cyber-attackers. Fake honeypots will provide operators with workable production systems under obfuscation of deterring honeypot when deployed in hostile information environment. Deployed in a midst of real honeynets, it will confuse and delay cyber-attackers. To understand the effects of honeypot on cyber-attackers to design fake honeypot, we exposed a tightly secured, self-contained virtual honeypot to the Internet over a period of 28 days. We conclude that it is able to withstand the duration of exposure without compromise. The metrics pertaining to the size of last packet suggested departure of cyber-attackers during reconnaissance.
Type
Thesis
Description
Series/Report No
Department
Department of Computer Science
Other Units
Naval Postgraduate School (U.S.).
Identifiers
NPS Report Number
Sponsors
Funder
Format
xiv, 63 p. : col. ill. ;
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
Collections