Comparisons of attacks on honeypots with those on real networks
Download
Author
Duong, Binh T.
Date
2006-03Advisor
Rowe, Neil C.
Second Reader
Fulp, J.D.
Metadata
Show full item recordAbstract
Honeypots are computer systems deliberately designed to be attack targets, mainly to learn about cyber-attacks and attacker behavior. When implemented as part of a security posture, honeypots also protect real networks by acting as a decoy, deliberately confusing potential attackers as to the real data. The objective of this research is to compare attack patterns against a honeypot to those against a real network, the network of the Naval Postgraduate School. Collection of suspicious-event data required the implementation and setup of a honeypot, in addition to the installation and use of an intrusion-detection system. A statistical analysis was conducted across suspicious-event data recorded from a honeypot and from a real network. Metrics used in our study were applied to the alerts generated from Snort 2.4.3, an open-source intrusion detection system. Results showed differences between the honeypot and the real network data which need further experiments to understand. Both the honeypot and the real network data showed much variability at the start of the experiment period and then a decrease in the number of alerts in the later period of the experiment. We conclude that after the initial probing and reconnaissance is complete, the vulnerabilities of the network are learned and therefore fewer alerts occur; but more specific signatures are then aimed at exploiting the network.
Collections
Related items
Showing items related by title, author, creator and subject.
-
Deception using an SSH honeypot
McCaughey, Ryan J. (Monterey, California: Naval Postgraduate School, 2017-09);The number of devices vulnerable to unauthorized cyber access has been increasing at an alarming rate. A honeypot can deceive attackers trying to gain unauthorized access to a system; studying their interactions with ... -
Testing deceptive honeypots
Yahyaoui, Aymen (Monterey, California: Naval Postgraduate School, 2014-09);Deception can be a useful defensive technique against cyber attacks. It has the advantage of unexpectedness to attackers and offers a variety of tactics. Honeypots are a good tool for deception. They act as decoy computers ... -
IMPLEMENTATION OF SECURITY INFORMATION AND EVENT MANAGEMENT SOFTWARE IN A HONEYPOT
Sciuto, Jesse (Monterey, CA; Naval Postgraduate School, 2023-12);Many industrial control systems (ICS) were originally designed as standalone systems, unconnected to the Internet, that provided little cybersecurity to maximize reliability and response time. Increasingly, these systems ...