The bilateral communication-based dynamic extensible honeypot

Chun Yi Wang, Ya Lyue Jhao, Chuan Sheng Wang, Shih Jen Chen, Fu Hau Hsu, Yao Hsin Chen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

As networks advance, it is crucial to guard the information that we hold. One method is the honeypot, which is also a very powerful component that lets security analysts collect malicious data over a long time. We need to let attackers intrude into a honeypot so that we can analyze the malicious data we obtain and find a way to prevent related attacks. Because it is important to prevent attackers from attacking another computer through a honeypot, almost all honeypots block outgoing traffic. This may create a serious problem: some attackers test whether the computer they are attacking is a honeypot by creating simple external connections. If they learn that the computer they are attacking is a honeypot, they will not carry out further malicious behavior. If a honeypot can no longer collect attack patterns, it becomes useless. In this paper, we introduce a new honeypot design, DEH (Dynamic Extensible Two-way Honeypot), which fixes this serious problem with a bilateral communication mechanism. Based on bilateral communication, DEH allows not only incoming traffic but also outgoing traffic. If the outgoing traffic includes malicious shellcode, we hold this traffic and copy the shellcode, and DEH then replaces it with our own code to set up the bilateral communication and the protective mechanism on the computer that the attacker wants to intrude into. After the mechanism is set up, we let the attacker intrude into the victim, where he is monitored by our protective mechanism. When the attacker wants to send traffic out of the victim, DEH can extend the protective mechanism to other computers or redirect the connections back to the honeypot. The mechanism can therefore efficiently protect the honeypot from being detected and prevent the attack from spreading, while at the same time we obtain more information from attackers.

Original language: English
Title of host publication: ICCST 2015 - The 49th Annual IEEE International Carnahan Conference on Security Technology
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 263-268
Number of pages: 6
ISBN (Electronic): 9781479986910
State: Published - 21 Jan 2016
Event: 49th Annual IEEE International Carnahan Conference on Security Technology, ICCST 2015 - Taipei, Taiwan
Duration: 21 Sep 2015 - 24 Sep 2015

Publication series

Name: Proceedings - International Carnahan Conference on Security Technology
Volume: 2015-January
ISSN (Print): 1071-6572

Conference

Conference: 49th Annual IEEE International Carnahan Conference on Security Technology, ICCST 2015
Country/Territory: Taiwan
City: Taipei
Period: 21/09/15 - 24/09/15

Keywords

  • bait
  • bilateral communication
  • honeynet
  • honeypot
  • shellcode
  • zero-day attack
