Title :
Countermeasure for detection of honeypot deployment
Author :
Shiue, Lai-Ming ; Kao, Shang-Juh
Author_Institution :
Dept. of Appl. Math., Nat. Chung-Hsing Univ., Chung-Hsing
Abstract :
In this paper, a deceptive system, called honeyanole, is developed to escape from honeypot hunting as well as to collect attacking information. In honeyanole, three phases of collection, redirection and deception are implemented. In the collection phase, four types of attacking information are gathered for cross analysis to build up the blacklist. Upon the blacklist being developed, two redirection techniques, layer-2 and layer-3 redirection, are employed to dynamically transmit incoming traffic to a production or a deception server in the redirection phase. Finally, the deception server could transparently capture the attacking behaviors in the deception phase. With honeyanole, we can effectively prevent honeypot deployment from hunting, build an early warning system, and enhance the system defense.
Keywords :
security of data; attacking information; deception server; deceptive system; early warning system; honeyanole; honeypot deployment; layer-2 redirection; layer-3 redirection; Computer hacking; Computer vision; Delay; Information analysis; Intrusion detection; Network servers; Production; Protocols; Switches; Telecommunication traffic;
Conference_Titel :
Computer and Communication Engineering, 2008. ICCCE 2008. International Conference on
Conference_Location :
Kuala Lumpur
Print_ISBN :
978-1-4244-1691-2
Electronic_ISBN :
978-1-4244-1692-9
DOI :
10.1109/ICCCE.2008.4580673
