A novel stealthy data capture tool for honeypot system

Nguyen Anh Quynh, Yoshiyasu Takefuji

Research output: Contribution to journal › Article

2 Citations (Scopus)

Abstract

The data capture tool is one of the core components of a honeypot system. The most vital requirement of this component is that it must function as stealthily as possible, so the intruder is not aware of its presence. Currently, Sebek is the most sophisticated tool for this purpose. Unfortunately, Sebek is rather easy to detect, even with unprivileged access rights. This paper presents a novel approach to improve Sebek in this respect. We propose a design and implementation of a tool named Xebek, which is based on Xen technology, to fix the most outstanding problems of Sebek. Our experimental results prove that Xebek is much more covert, while reliability and efficiency are improved significantly.

Original language: English
Pages (from-to): 209-215
Number of pages: 7
Journal: WSEAS Transactions on Computers
Volume: 5
Issue number: 1
Publication status: Published - 2006 Jan

Fingerprint

Data acquisition

Keywords

  • Data capture tool
  • Honeypot
  • Intrusion detection
  • Security attack
  • Stealthy communication
  • Xen

ASJC Scopus subject areas

  • Computer Science (miscellaneous)

Cite this

A novel stealthy data capture tool for honeypot system. / Quynh, Nguyen Anh; Takefuji, Yoshiyasu.

In: WSEAS Transactions on Computers, Vol. 5, No. 1, 01.2006, p. 209-215.

@article{440e0f90c18e4dcf88bce3ecf20455ec,
title = "A novel stealthy data capture tool for honeypot system",
abstract = "The data capture tool is one of the core components of a honeypot system. The most vital requirement of this component is that it must function as stealthily as possible, so the intruder is not aware of its presence. Currently, Sebek is the most sophisticated tool for this purpose. Unfortunately, Sebek is rather easy to detect, even with unprivileged access rights. This paper presents a novel approach to improve Sebek in this respect. We propose a design and implementation of a tool named Xebek, which is based on Xen technology, to fix the most outstanding problems of Sebek. Our experimental results prove that Xebek is much more covert, while reliability and efficiency are improved significantly.",
keywords = "Data capture tool, Honeypot, Intrusion detection, Security attack, Stealthy communication, Xen",
author = "Quynh, {Nguyen Anh} and Yoshiyasu Takefuji",
year = "2006",
month = "1",
language = "English",
volume = "5",
pages = "209--215",
journal = "WSEAS Transactions on Computers",
issn = "1109-2750",
publisher = "World Scientific and Engineering Academy and Society",
number = "1",

}

TY - JOUR

T1 - A novel stealthy data capture tool for honeypot system

AU - Quynh, Nguyen Anh

AU - Takefuji, Yoshiyasu

PY - 2006/1

Y1 - 2006/1

N2 - The data capture tool is one of the core components of a honeypot system. The most vital requirement of this component is that it must function as stealthily as possible, so the intruder is not aware of its presence. Currently, Sebek is the most sophisticated tool for this purpose. Unfortunately, Sebek is rather easy to detect, even with unprivileged access rights. This paper presents a novel approach to improve Sebek in this respect. We propose a design and implementation of a tool named Xebek, which is based on Xen technology, to fix the most outstanding problems of Sebek. Our experimental results prove that Xebek is much more covert, while reliability and efficiency are improved significantly.

AB - The data capture tool is one of the core components of a honeypot system. The most vital requirement of this component is that it must function as stealthily as possible, so the intruder is not aware of its presence. Currently, Sebek is the most sophisticated tool for this purpose. Unfortunately, Sebek is rather easy to detect, even with unprivileged access rights. This paper presents a novel approach to improve Sebek in this respect. We propose a design and implementation of a tool named Xebek, which is based on Xen technology, to fix the most outstanding problems of Sebek. Our experimental results prove that Xebek is much more covert, while reliability and efficiency are improved significantly.

KW - Data capture tool

KW - Honeypot

KW - Intrusion detection

KW - Security attack

KW - Stealthy communication

KW - Xen

UR - http://www.scopus.com/inward/record.url?scp=30644465166&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=30644465166&partnerID=8YFLogxK

M3 - Article

VL - 5

SP - 209

EP - 215

JO - WSEAS Transactions on Computers

JF - WSEAS Transactions on Computers

SN - 1109-2750

IS - 1

ER -