Towards an invisible honeypot monitoring system

Nguyen Anh Quynh, Yoshiyasu Takefuji

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

A honeypot is a decoy system to trap attackers, and the data capture tool is one of the components of the honeypot architecture. Used to collect the intruder's activities inside the honeypot, this key component must function as stealthily as possible, so that the intruder does not know he is being watched. Unfortunately Sebek, the de facto tool for this purpose in modern honeypot technology, is rather easy to detect, even with unprivileged access. This paper proposes using a Xen virtual machine to deploy the honeypot, and takes advantage of Xen to fix some of the outstanding problems of Sebek. We present the design and implementation of a Xen-based system named Xebek as a solution. While Xebek provides features similar to Sebek's, our system is more "invisible" and harder to defeat. The experimental results also demonstrate that Xebek is more flexible, while its reliability and efficiency are significantly improved over its counterpart.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 111-122
Number of pages: 12
Volume: 4058 LNCS
DOI: https://doi.org/10.1007/11780656_10
Publication status: Published - 2006
Event: 11th Australasian Conference on Information Security and Privacy, ACISP 2006 - Melbourne, Australia
Duration: 2006 Jul 3 to 2006 Jul 5

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 4058 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 11th Australasian Conference on Information Security and Privacy, ACISP 2006
Country: Australia
City: Melbourne
Period: 06/7/3 to 06/7/5

Fingerprint

Honeypot
Monitoring System
Technology
Monitoring
Watches
Data acquisition
Virtual Machine
Trap
Experimental Results
Demonstrate

ASJC Scopus subject areas

  • Computer Science (all)
  • Biochemistry, Genetics and Molecular Biology (all)
  • Theoretical Computer Science

Cite this

Quynh, N. A., & Takefuji, Y. (2006). Towards an invisible honeypot monitoring system. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4058 LNCS, pp. 111-122). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4058 LNCS). https://doi.org/10.1007/11780656_10

@inproceedings{d951941bfa32412eaf9a01b94405d4cb,
title = "Towards an invisible honeypot monitoring system",
author = "Quynh, {Nguyen Anh} and Yoshiyasu Takefuji",
year = "2006",
doi = "10.1007/11780656_10",
language = "English",
isbn = "3540354581",
volume = "4058 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "111--122",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY - GEN

T1 - Towards an invisible honeypot monitoring system

AU - Quynh, Nguyen Anh

AU - Takefuji, Yoshiyasu

PY - 2006

Y1 - 2006

UR - http://www.scopus.com/inward/record.url?scp=33746360951&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33746360951&partnerID=8YFLogxK

U2 - 10.1007/11780656_10

DO - 10.1007/11780656_10

M3 - Conference contribution

AN - SCOPUS:33746360951

SN - 3540354581

SN - 9783540354581

VL - 4058 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 111

EP - 122

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ER -