DocumentCode
2858191
Title
ScriptGen: an automated script generation tool for Honeyd
Author
Leita, Corrado ; Mermoud, Ken ; Dacier, Marc
Author_Institution
Inst. Eurecom, Sophia Antipolis
fYear
2005
fDate
5-9 Dec. 2005
Lastpage
214
Abstract
Honeyd (N. Provos, 2004) is a popular tool developed by Niels Provos that offers a simple way to emulate services offered by several machines on a single PC. It is a so called low interaction honeypot. Responses to incoming requests are generated thanks to ad hoc scripts that need to be written by hand. As a result, few scripts exist, especially for services handling proprietary protocols. In this paper, we propose a method to alleviate these problems by automatically generating new scripts. We explain the method and describe its limitations. We analyze the quality of the generated scripts thanks to two different methods. On the one hand, we have launched known attacks against a machine running our scripts; on the other hand, we have deployed that machine on the Internet, next to a high interaction honeypot during two months. For those attackers that have targeted both machines, we can verify if our scripts have, or not, been able to fool them. We also discuss the various tuning parameters of the algorithm that can be set to either increase the quality of the script or, at the contrary, to reduce its complexity
Keywords
automatic programming; security of data; software tools; Honeyd; Internet; ScriptGen; ad hoc script; automated script generation tool; automatic script generation; high interaction honeypot; low interaction honeypot; proprietary protocol; Application software; Automata; Computer security; Documentation; Fingerprint recognition; Internet; Protocols; Web server; Writing;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Security Applications Conference, 21st Annual
Conference_Location
Tucson, AZ
ISSN
1063-9527
Print_ISBN
0-7695-2461-3
Type
conf
DOI
10.1109/CSAC.2005.49
Filename
1565248
Link To Document