Improving exposure of intrusion deception system through implementation of hybrid honeypot

This paper presents a new design hybrid honeypot to improve the exposure aspect of intrusion deception systems and in particular, research server honeypots. A major attribute in the design of a server honeypot is its passiveness, which allows the honeypot to expose its services and passively wait to...

Bibliographic Details
Main Authors: Mansoori, Masood, Zakaria, Omar, Gani, Abdullah
Format: Article
Language: English
Published: Zarqa University, Jordan 2012
Subjects:
Online Access: http://eprints.um.edu.my/4462/1/2012_Improving_Exposure_of_intrusion_deception_system_through_implementation_of_hybrid_honeypot.pdf
http://eprints.um.edu.my/4462/
http://iajit.org/PDF/vol.9,no.5/2937-5.pdf
id my.um.eprints.4462
record_format eprints
spelling my.um.eprints.4462 2018-10-12T01:22:15Z http://eprints.um.edu.my/4462/ Improving exposure of intrusion deception system through implementation of hybrid honeypot Mansoori, Masood Zakaria, Omar Gani, Abdullah T Technology (General) This paper presents a new design hybrid honeypot to improve the exposure aspect of intrusion deception systems and in particular, research server honeypots. A major attribute in the design of a server honeypot is its passiveness, which allows the honeypot to expose its services and passively wait to be attacked. Although passiveness of a server honeypot simplifies the analysis process by classifying traffics as malicious, however it also lessens its ability to lure attackers through exposure of vulnerable service. As a result it captures smaller amount of data on attacks for analysis. Client honeypot designs, on the other hand, contain modules that actively interact with outside networks, expose vulnerabilities in client side software, and identify malicious content, hosted on webservers. The proposed hybrid system integrates active module concept of a client honeypot into a server honeypot. The active module interacts with webservers utilising a custom crawler and browser, publicises the honeypot's IP address and therefore improves exposure of server honeypot's vulnerable services. The findings presented in this paper show that interaction with webservers improves exposure, and results in significantly higher number of attacks, which in turn, increases the probability of discovering new threats. The findings also characterise most attacks to be worm based and directed at Windows based hosts and services.
Zarqa University, Jordan 2012 Article PeerReviewed application/pdf en http://eprints.um.edu.my/4462/1/2012_Improving_Exposure_of_intrusion_deception_system_through_implementation_of_hybrid_honeypot.pdf Mansoori, Masood and Zakaria, Omar and Gani, Abdullah (2012) Improving exposure of intrusion deception system through implementation of hybrid honeypot. The International Arab Journal of Information Technology, 9 (5). pp. 436-444. ISSN 1683-3198 http://iajit.org/PDF/vol.9,no.5/2937-5.pdf
institution Universiti Malaya
building UM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Malaya
content_source UM Research Repository
url_provider http://eprints.um.edu.my/
language English
topic T Technology (General)
description This paper presents a new design hybrid honeypot to improve the exposure aspect of intrusion deception systems and in particular, research server honeypots. A major attribute in the design of a server honeypot is its passiveness, which allows the honeypot to expose its services and passively wait to be attacked. Although passiveness of a server honeypot simplifies the analysis process by classifying traffics as malicious, however it also lessens its ability to lure attackers through exposure of vulnerable service. As a result it captures smaller amount of data on attacks for analysis. Client honeypot designs, on the other hand, contain modules that actively interact with outside networks, expose vulnerabilities in client side software, and identify malicious content, hosted on webservers. The proposed hybrid system integrates active module concept of a client honeypot into a server honeypot. The active module interacts with webservers utilising a custom crawler and browser, publicises the honeypot's IP address and therefore improves exposure of server honeypot's vulnerable services. The findings presented in this paper show that interaction with webservers improves exposure, and results in significantly higher number of attacks, which in turn, increases the probability of discovering new threats. The findings also characterise most attacks to be worm based and directed at Windows based hosts and services.
format Article
author Mansoori, Masood
Zakaria, Omar
Gani, Abdullah
title Improving exposure of intrusion deception system through implementation of hybrid honeypot
publisher Zarqa University, Jordan
publishDate 2012
url http://eprints.um.edu.my/4462/1/2012_Improving_Exposure_of_intrusion_deception_system_through_implementation_of_hybrid_honeypot.pdf
http://eprints.um.edu.my/4462/
http://iajit.org/PDF/vol.9,no.5/2937-5.pdf