14 May 2015 Testing simple deceptive honeypot tools
Aymen Yahyaoui, Neil C. Rowe
Abstract
Deception can be a useful defensive technique against cyber-attacks; it has the advantage of unexpectedness to attackers and offers a variety of tactics. Honeypots are a good tool for deception. They act as decoy computers to confuse attackers and exhaust their time and resources. This work tested the effectiveness of two free honeypot tools in real networks by varying their location and virtualization, and the effects of adding more deception to them. We tested a Web honeypot tool, Glastopf, and an SSH honeypot tool, Kippo. We deployed the Web honeypot in both a residential network and our organization’s network and as both real and virtual machines; the organization honeypot attracted more attackers starting in the third week. Results also showed that the virtual honeypots received attacks from more unique IP addresses. They also showed that adding deception to the Web honeypot, in the form of additional linked Web pages and interactive features, generated more interest by attackers. For the purpose of comparison, we examined log files of a legitimate Web site, www.cmand.org. The traffic distributions for the Web honeypot and the legitimate Web site showed similarities (with much malicious traffic from Brazil), but the SSH honeypot was different (with much malicious traffic from China). Contrary to previous experiments where traffic to static honeypots decreased quickly, our honeypots received increasing traffic over a period of three months. It appears that both honeypot tools are useful for providing intelligence about cyber-attack methods, and that additional deception is helpful.
© (2015) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Aymen Yahyaoui and Neil C. Rowe "Testing simple deceptive honeypot tools", Proc. SPIE 9458, Cyber Sensing 2015, 945803 (14 May 2015); https://doi.org/10.1117/12.2179793
CITATIONS
Cited by 2 scholarly publications.
KEYWORDS
Internet, Databases, Atrial fibrillation, Network security, Visualization, Analytical research, Computing systems
