Testing a low-interaction honeypot against live cyber attackers
Frederick, Erwin E.
Rowe, Neil C.
Warren, Daniel F.
MetadataShow full item record
The development of honeypots as decoys designed to detect, investigate, and counterattack unauthorized use of information systems has produced an "arms race" between honeypots (computers designed solely to receive cyber attacks) and anti-honeypot technology. To test the current state of this race, we performed experiments in which we ran a small group of honeypots, using the low-interaction honeypot software Honeyd, on a network outside campus firewall protection. For 15 weeks, we ran different configurations of ports and service scripts, and simulated operating systems to check which configurations were most useful as a research honeypot and which were most useful as decoys to protect other network users. We analyzed results in order to improve the results for both purposes in subsequent weeks. We did find promising configurations for both purposes; however, good configurations for one purpose were not necessarily good for the other. We also tested the limits of Honeyd software and identified aspects of it that need to be improved. We also identified the most common attacks, most common ports used by attackers, and degree of success of decoy service scripts.
Approved for public release; distribution is unlimited.
Showing items related by title, author, creator and subject.
Lim, Sze Li Harry (Monterey, California. Naval Postgraduate School, 2006-12);A honeypot is a non-production system, design to interact with cyber-attackers to collect intelligence on attack techniques and behaviors. While the security community is reaping fruits of this collection tool, the hacker ...
Duong, Binh T. (Monterey, California. Naval Postgraduate School, 2006-03);Honeypots are computer systems deliberately designed to be attack targets, mainly to learn about cyber-attacks and attacker behavior. When implemented as part of a security posture, honeypots also protect real networks by ...
Yahyaoui, Aymen (Monterey, California: Naval Postgraduate School, 2014-09);Deception can be a useful defensive technique against cyber attacks. It has the advantage of unexpectedness to attackers and offers a variety of tactics. Honeypots are a good tool for deception. They act as decoy computers ...