TY - GEN
T1 - Towards an invisible honeypot monitoring system
AU - Quynh, Nguyen Anh
AU - Takefuji, Yoshiyasu
PY - 2006
Y1 - 2006
N2 - A honeypot is a decoy system that traps attackers, and the data capture tool is one component of the honeypot architecture. Since it is used to collect the intruder's activities inside the honeypot, this key component must operate as stealthily as possible, so that the intruder does not know that he is being watched. Unfortunately Sebek, the de-facto tool for this purpose in modern honeypot technology, is rather easy to detect, even with unprivileged access rights. This paper proposes using the Xen Virtual Machine to deploy honeypots, and takes advantage of the features Xen introduces to fix some of Sebek's outstanding problems. We present the design and implementation of a Xen-based system named Xebek as a solution. While Xebek provides features similar to Sebek's, our system is more "invisible" and harder to defeat. The experimental results also demonstrate that Xebek is more flexible, while its reliability and efficiency are significantly improved over its counterpart.
AB - A honeypot is a decoy system that traps attackers, and the data capture tool is one component of the honeypot architecture. Since it is used to collect the intruder's activities inside the honeypot, this key component must operate as stealthily as possible, so that the intruder does not know that he is being watched. Unfortunately Sebek, the de-facto tool for this purpose in modern honeypot technology, is rather easy to detect, even with unprivileged access rights. This paper proposes using the Xen Virtual Machine to deploy honeypots, and takes advantage of the features Xen introduces to fix some of Sebek's outstanding problems. We present the design and implementation of a Xen-based system named Xebek as a solution. While Xebek provides features similar to Sebek's, our system is more "invisible" and harder to defeat. The experimental results also demonstrate that Xebek is more flexible, while its reliability and efficiency are significantly improved over its counterpart.
UR - http://www.scopus.com/inward/record.url?scp=33746360951&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33746360951&partnerID=8YFLogxK
U2 - 10.1007/11780656_10
DO - 10.1007/11780656_10
M3 - Conference contribution
AN - SCOPUS:33746360951
SN - 3540354581
SN - 9783540354581
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 111
EP - 122
BT - Information Security and Privacy
PB - Springer Verlag
T2 - 11th Australasian Conference on Information Security and Privacy, ACISP 2006
Y2 - 3 July 2006 through 5 July 2006
ER -