The bilateral communication-based dynamic extensible honeypot

Chun Yi Wang, Ya Lyue Jhao, Chuan Sheng Wang, Shih Jen Chen, Fu Hau Hsu, Yao Hsin Chen

研究成果: 書貢獻/報告類型會議論文篇章同行評審

3 引文 斯高帕斯(Scopus)


With network getting progressed, it is very crucial for us to guard the information that we have. One of these methods is the honeypot which is also a very powerful component for security analysts to collect malicious data for a long time. We need to let attackers intrude into a honeypot, so that we can analyze the malicious data we get, and find a method to prevent related attacks. Because it is important to prevent attackers to attack another computer through a honeypot, almost all of the honeypots block outgoing traffic. This may create a serious problem. Some assailants would test whether the computer which they attack is a honeypot by creating some simple external connections. If they know the computer they are attacking is a honeypot, they will not do further malicious behavior. If a honeypot cannot collect attack patterns anymore, it becomes useless. In this paper, we introduce a new design of honeypot, DEH (Dynamic Extensible Two-way Honeypot), to fix this serious problem with a bilateral communication mechanism. DEH based on the bilateral communication allows not only incoming traffic but outgoing traffic. If the outgoing traffic includes malicious shellcode, we can hold this traffic and copy the shellcode, and then DEH replace it with our own code to set up the bilateral communication and protective mechanism of the computer that the attacker wants to intrude into. After we set up the mechanism, we let the attacker intrude into a victim, but he is monitored by our protective mechanism. When attacker wants to send traffic out of the victim, DEH can extend the protective mechanism to other computers or redirected the connections back to the honeypot. Therefore, the mechanism can efficiently not only protect the honeypot from being detected but also prevent the attack from being spread, in the same time we could also get more information from attackers.

主出版物標題ICCST 2015 - The 49th Annual IEEE International Carnahan Conference on Security Technology
發行者Institute of Electrical and Electronics Engineers Inc.
出版狀態已出版 - 21 1月 2016
事件49th Annual IEEE International Carnahan Conference on Security Technology, ICCST 2015 - Taipei, Taiwan
持續時間: 21 9月 201524 9月 2015


名字Proceedings - International Carnahan Conference on Security Technology


???event.eventtypes.event.conference???49th Annual IEEE International Carnahan Conference on Security Technology, ICCST 2015


深入研究「The bilateral communication-based dynamic extensible honeypot」主題。共同形成了獨特的指紋。