Hybrid honeypot framework for malware collection and analysis

Kumar, Sanjeev; Sehgal, Rakesh; Bhatia, J. S.

doi:10.1109/iciinfs.2012.6304786

Cited by 14 publications

(2 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Honeypot Framework is a deceptive defense method designed to serves two purposes: early warnings and forensic analysis. These systems are placed to mislead cyber attackers, and then to detect and study the attempts to gain unauthorized access to information systems [10], [11]. Honeypot frameworks are relatively new technology and being adopted by large cloud service providers.…”

Section: B Deceptive Defense Mechanismsmentioning

confidence: 99%

Challenges in Protecting Data for Modern Enterprises

Nur¹,

Kettani²

2020

JOEBM

View full text Add to dashboard Cite

Section: B Deceptive Defense Mechanismsmentioning

confidence: 99%

Challenges in Protecting Data for Modern Enterprises

Nur¹,

Kettani²

2020

JOEBM

View full text Add to dashboard Cite

“…Kumar et al [6] proposed an integrated system that includes client and server honeypots. The server and the client honeypots are controlled by an active controller, which is a single centralized server.…”

Section: Related Literaturementioning

confidence: 99%

Mitigating Computer Attacks in a Corporate Network using Honeypots: A Case Study of Ghana Education Service

Promise¹,

B.²,

Twum³

2018

IJCA

View full text Add to dashboard Cite

Computer and network security is increasingly becoming not only more significant to industry players but also complex regarding mitigating sophisticated cyber-attacks. It is essential for developers, systems administrators, and web administrators to develop and manage systems that can stand the test of time as far as computer and network attacks are concerned. A hybrid honeypot was deployed in the network setup of the Ghana Education Service. The honeypot set up was made up of Valhalla honeypot and honeyd (lowinteraction honeypots), Cowrie (medium-interaction honeypot), Windows and two Ubuntu OS implemented on real systems (high-interaction honeypot) and Snort. This research goes a step further to collect the attack on data and analyse them. The attacks that were launched against the honeypots deployed in the network were Port Scanning, SSH Brute Force attack, HTTP Authentication Brute Force attack, SQL Injection and Spam. It was discovered that the honeypots received 5061 attack connections from October to December 2017. Majority of the attack connections were TCP based, resulting in 2851 of the total attack connections. The results of this work also show that honeyd receive 36% of the total attacks launched against the honeypots.

show abstract