Detection of Virtual Environments and Low Interaction Honeypots

Mukkamala, Srinivas; Yendrapalli, K.; Basnet, Ram B.; Shankarapani, M.K.; Sung, Andrew H.

doi:10.1109/iaw.2007.381919

Cited by 34 publications

(15 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“… Honeypot anti-detection Topic Author major honeypot detection techniques Holz [53], Mukkamala [54] hijacking honeypots after their detections Dornseif [52] study of Honeypot Hunter McCarty [53] detection using bots Wang [56], Zou [58] denial of service to honeypots Yegneswaran [57] polymorphic worms to honeypots Perdisci [55] Table 4 -Summaries of Section V Section VI discusess the legal and ethical issues involved with honeypots and the data they collect. Although the number of papers published on these issues is still relatively small compared to the other issues in this survey, we considered the issues worth a section because of their importance.…”

Section: Discussionmentioning

confidence: 99%

“…Mukkamala studied detection techniques for lowinteraction honeypots and honeypots running in virtula machines, which are basis for many high-interaction honeypots, by perfogming timing analysis, analyses on avilable server services, and TCP/IP fingerprinintg [54]. Timing analysis measured the response time from a server and detceted honeypots by slower response from honeypots than real production servers.…”

Section: Honeypot Anti-detectionsmentioning

confidence: 99%

See 1 more Smart Citation

A Survey: Recent Advances and Future Trends in Honeypot Research

Bringer¹,

Chelmecki²,

Fujinoki³

2012

IJCNIS

View full text Add to dashboard Cite

This paper presents a survey on recent advances in honeypot research from a review of 80+ papers on honeypots and related topics mostly published after year 2005. This paper summarizes 60 papers that had significant contribution to the field. In reviewing the literature, it became apparent that the research can be broken down into five major areas:  new types of honeypots to cope with emergent new security threats,  utilizing honeypot output data to improve the accuracy in threat detections,  configuring honeypots to reduce the cost of maintaining honeypots as well as to improve the accuracy in threat detections,  counteracting honeypot detections by attackers, and  legal and ethical issues in using honeypots. Our literature reviews indicate that the advances in the first four areas reflect the recent changes in our networking environments, such as those in user demography and the ways those diverse users use new applications. Our literature reviews on legal and ethical issues in using honeypots reveals that there has not been widely accepted agreement on the legal and ethical issues about honeypots, which must be an important agenda in future honeypot research.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Honeypot Anti-detectionsmentioning

confidence: 99%

A Survey: Recent Advances and Future Trends in Honeypot Research

Bringer¹,

Chelmecki²,

Fujinoki³

2012

IJCNIS

View full text Add to dashboard Cite

show abstract

“…(3) ICMP_ECHO_response_time. Mukkamala et al [19] claim that it is common to run several virtual honeypots on a single machine. So, when handling ICMP ECHO request, honeypots are always slower than real systems.…”

Section: Network-layer Featurementioning

confidence: 99%

“…e main problem is that the simulation of high-interaction honeypots is too similar to real systems, making it difficult to detect with a single feature. erefore, other researchers start to extract other features and introduce the latest algorithms [17][18][19]. But there are still many shortcomings; at present, this paper explores honeypot detection technology to improve the effectiveness of deception technologies, which is helpful to promote the current development of honeypot technology.…”

Section: Introductionmentioning

confidence: 99%

Automatic Identification of Honeypot Server Using Machine Learning Techniques

Huang

Han

Zhang³

et al. 2019

Security and Communication Networks

View full text Add to dashboard Cite

Traditional security strategies are powerless when facing novel attacks in the complex network environment, such as advanced persistent threat (APT). Compared with traditional security detection strategies, the honeypot system, especially on the Internet of things research area, is intended to be attacked and automatically monitor potential attacks by analyzing network packages or log files. The researcher can extract exactly threat actor tactics, techniques, and procedures from these data and then generate more effective defense strategies. But for normal security researchers, it is an urgent topic how to improve the honeypot mechanism which could not be recognized by attackers, and silently capture their behaviors. So, they need awesome intelligent techniques to automatically check remotely whether the server runs honeypot service or not. As the rapid progress in honeypot detection using machine learning technologies, the paper proposed a new automatic identification model based on random forest algorithm with three group features: application-layer feature, network-layer feature, and other system-layer feature. The experiment datasets are collected from public known platforms and designed to prove the effectiveness of the proposed model. The experiment results showed that the presented model achieved a high area under curve (AUC) value with 0.93 (area under the receiver operating characteristic curve), which is better than other machine learning algorithms.

show abstract

“…Systems with a more realistic imitation tend to be more complex to monitor and secure as there is a wider variety of possible actions. There is an abundance of examples, where systems that provide full-fledged operating systems are suffering from easy detection, relay attacks and monitoring circumvention [49][50][51][52][53]. To mitigate detection attempts, it is of significant importance to enable a dynamic configuration, deployment and management of such systems [54,55].…”

Section: Honeypotsmentioning

confidence: 99%

The Dos and Don'ts of Industrial Network Simulation

Antón

Fraunholz

Krummacker

et al. 2018

Proceedings of the 2nd International Symposium on Computer Science and Intelligent Control

View full text Add to dashboard Cite

Advances in industrial control lead to increasing incorporation of intercommunication technologies and embedded devices into the production environment. In addition to that, the rising complexity of automation tasks creates demand for extensive solutions. Standardised protocols and commercial off the shelf devices aid in providing these solutions. Still, setting up industrial communication networks is a tedious and high effort task. This justifies the need for simulation environments in the industrial context, as they provide cost-, resource-and time-efficient evaluation of solution approaches. In this work, industrial use cases are identified and the according requirements are derived. Furthermore, available simulation and emulation tools are analysed. They are mapped onto the requirements of industrial applications, so that an expressive assignment of solutions to application domains is given.

show abstract

Detection of Virtual Environments and Low Interaction Honeypots

Cited by 34 publications

References 4 publications

A Survey: Recent Advances and Future Trends in Honeypot Research

A Survey: Recent Advances and Future Trends in Honeypot Research

Automatic Identification of Honeypot Server Using Machine Learning Techniques

The Dos and Don'ts of Industrial Network Simulation

Contact Info

Product

Resources

About