Abstract
Data capture tool is one of the core components of a honeypot system. The most vital requirement of this component is: it must function as stealthily as possible, so the intruder is not aware of its presence. Currently Sebek is the most sophisticated tool for this purpose. Unfortunately Sebek is rather easy to detect, even with unprivileged right access. This paper presents a novel approach to improve Sebek on this aspect. We proposes a design and implementation of a tool named Xebek, which is based on Xen technology, to fix the most outstanding problems of Sebek. Our experimental results prove that Xebek is much more covert, while the reliability and efficient are improved significantly.
| Original language | English |
|---|---|
| Pages (from-to) | 209-215 |
| Number of pages | 7 |
| Journal | WSEAS Transactions on Computers |
| Volume | 5 |
| Issue number | 1 |
| Publication status | Published - 2006 Jan |
Keywords
- Data capture tool
- Honeypot
- Intrusion detection
- Security attack
- Stealthy communication
- Xen
ASJC Scopus subject areas
- Computer Science(all)