Testing a low-interaction honeypot against live cyber attackers
Author
Frederick, Erwin E.
Date
2011-09
Advisor
Rowe, Neil C.
Second Reader
Warren, Daniel F.
Abstract
The development of honeypots as decoys designed to detect, investigate, and counterattack unauthorized use of information systems has produced an "arms race" between honeypots (computers designed solely to receive cyber attacks) and anti-honeypot technology. To test the current state of this race, we performed experiments in which we ran a small group of honeypots, using the low-interaction honeypot software Honeyd, on a network outside campus firewall protection. For 15 weeks, we ran different configurations of ports and service scripts, and simulated operating systems to check which configurations were most useful as a research honeypot and which were most useful as decoys to protect other network users. We analyzed results in order to improve the results for both purposes in subsequent weeks. We did find promising configurations for both purposes; however, good configurations for one purpose were not necessarily good for the other. We also tested the limits of Honeyd software and identified aspects of it that need to be improved. We also identified the most common attacks, most common ports used by attackers, and degree of success of decoy service scripts.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Related items
Showing items related by title, author, creator and subject.
- Identifying Anomalous Network Flow Activity Using Cloud-Based Honeypots
  Rowe, Neil C.; Nguyen, Thuy D.; Dougherty, Jeffrey T. (Monterey, California. Naval Postgraduate School, 2020-10); NPS-CS-20-003
  This work addressed efficient and effective implementation of honeypots (decoy devices) in cloud services. Honeypots are essential tools for detecting new attacks on computers and networks, and cloud services are distributed ...
- EVASION OF HONEYPOT DETECTION MECHANISMS THROUGH IMPROVED INTERACTIVITY OF ICS-BASED SYSTEMS
  Dougherty, Jeffrey T. (Monterey, CA; Naval Postgraduate School, 2020-09)
  In recent years critical-infrastructure systems, particularly smart electrical grids, have become dependent on computer control systems and thus increasingly vulnerable to cyber attack. Attempts to defend these systems ...
- Assessing the effects of honeypots on cyber-attackers
  Lim, Sze Li Harry (Monterey, California. Naval Postgraduate School, 2006-12)
  A honeypot is a non-production system, designed to interact with cyber-attackers to collect intelligence on attack techniques and behaviors. While the security community is reaping fruits of this collection tool, the hacker ...