Countermeasure for detection of honeypot deployment

Author

Shiue, Lai-Ming ; Kao, Shang-Juh

Author_Institution

Dept. of Appl. Math., Nat. Chung-Hsing Univ., Chung-Hsing

fYear

2008

fDate

13-15 May 2008

Firstpage

595

Lastpage

599

Abstract

In this paper, a deceptive system, called honeyanole, is developed to escape from honeypot hunting as well as to collect attacking information. In honeyanole, three phases of collection, redirection and deception are implemented. In the collection phase, four types of attacking information are gathered for cross analysis to build up the blacklist. Upon the blacklist being developed, two redirection techniques, layer-2 and layer-3 redirection, are employed to dynamically transmit incoming traffic to a production or a deception server in the redirection phase. Finally, the deception server could transparently capture the attacking behaviors in the deception phase. With honeyanole, we can effectively prevent honeypot deployment from hunting, build an early warning system, and enhance the system defense.

Keywords

security of data; attacking information; deception server; deceptive system; early warning system; honeyanole; honeypot deployment; layer-2 redirection; layer-3 redirection; Computer hacking; Computer vision; Delay; Information analysis; Intrusion detection; Network servers; Production; Protocols; Switches; Telecommunication traffic;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer and Communication Engineering, 2008. ICCCE 2008. International Conference on

Conference_Location

Kuala Lumpur

Print_ISBN

978-1-4244-1691-2

Electronic_ISBN

978-1-4244-1692-9

Type

conf

DOI

10.1109/ICCCE.2008.4580673

Filename

4580673