21st Annual Computer Security Applications Conference (ACSAC'05)
DOI: 10.1109/csac.2005.49

ScriptGen: an automated script generation tool for honeyd

Abstract: Honeyd [14] is a popular tool developed by Niels Provos that offers a simple way to emulate services offered by several machines on a single PC. It is a so-called low interaction honeypot. Responses to incoming requests are generated thanks to ad-hoc scripts that need to be written by hand. As a result, few scripts exist, especially for services handling proprietary protocols. In this paper, we propose a method to alleviate these problems by automatically generating new scripts. We explain the method and descr…

Cited by 114 publications (109 citation statements)
References 4 publications
“…Current approaches to protocol inference can be divided into two primary groups: those that infer partial or complete protocol formats [5,6,7,8,9,10], and those that infer a state machine model [11,12]. Both groups can be further divided into those that examine network traces [5,11,6,7], and those that additionally examine how a protocol implementation processes those traces [8,9,10,12].…”
Section: Related Work (mentioning)
confidence: 99%
“…Both groups can be further divided into those that examine network traces [5,11,6,7], and those that additionally examine how a protocol implementation processes those traces [8,9,10,12]. Each approach has different strengths and weaknesses, but both must identify the location and size of protocol headers.…”
Section: Related Work (mentioning)
confidence: 99%
“…SGNET obtains the aforementioned objective exploiting the strengths of the ScriptGen technology [22,21] and dynamically combining them with other existing solutions, namely Argos [25] and Nepenthes [4]. However, SGNET is more than a simple deployment of existing tools.…”
Section: Introduction (mentioning)
confidence: 99%
“…The ScriptGen learning takes as input a set of samples of network interaction between a client and the real implementation of a server. The core of the learning phase is the Region Analysis algorithm introduced in [22]: taking advantage of bioinformatics alignment algorithms [23], the algorithm exploits the statistical variability of the samples to identify portions of the protocol stream likely to carry a strong semantic meaning and discard the others. This enables us to rebuild a semantic abstraction as shown in Figure 1 for an excerpt of SMTP FSM.…”
Section: Introduction To Scriptgen (mentioning)
confidence: 99%