Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
DASC
2006
IEEE
2006
IEEE
On Recognizing Virtual Honeypots and Countermeasures
— Honeypots are decoys designed to trap, delay, and gather information about attackers. We can use honeypot logs to analyze attackers’ behaviors and design new defenses. A virtual honeypot can emulate multiple honeypots on one physical machine and provide great flexibility in representing one or more networks of machines. But when attackers recognize a honeypot, it becomes useless. In this paper, we address issues related to detecting and “camouflaging” virtual honeypots, in particular Honeyd, which can emulate any size of network on physical machines. We find that an attacker may remotely fingerprint Honeyd by measuring the latency of the network links emulated by Honeyd. We analyze the threat from this fingerprint attack based on the Neyman-Pearson decision theory and find that this class of attack can achieve a high detection rate and low false alarm rate. In order to counter this fingerprint attack, we make virtual honeypots behave like their surrounding networks and...
Real-time Traffic| Added | 10 Jun 2010 |
| Updated | 10 Jun 2010 |
| Type | Conference |
| Year | 2006 |
| Where | DASC |
| Authors | Xinwen Fu, Wei Yu, Dan Cheng, Xuejun Tan, Kevin Streff, Steve Graham |
Comments (0)
Researcher Info
|
