Deception can be a useful defensive technique against cyber-attacks; it has the advantage of unexpectedness to attackers
and offers a variety of tactics. Honeypots are a good tool for deception. They act as decoy computers to confuse
attackers and exhaust their time and resources. This work tested the effectiveness of two free honeypot tools in real
networks by varying their location and virtualization, and the effects of adding more deception to them. We tested a
Web honeypot tool, Glastopf and an SSH honeypot tool Kippo. We deployed the Web honeypot in both a residential
network and our organization’s network and as both real and virtual machines; the organization honeypot attracted more
attackers starting in the third week. Results also showed that the virtual honeypots received attacks from more unique IP
addresses. They also showed that adding deception to the Web honeypot, in the form of additional linked Web pages
and interactive features, generated more interest by attackers. For the purpose of comparison, we used examined log
files of a legitimate Web-site www.cmand.org. The traffic distributions for the Web honeypot and the legitimate Web
site showed similarities (with much malicious traffic from Brazil), but the SSH honeypot was different (with much
malicious traffic from China). Contrary to previous experiments where traffic to static honeypots decreased quickly, our
honeypots received increasing traffic over a period of three months. It appears that both honeypot tools are useful for
providing intelligence about cyber-attack methods, and that additional deception is helpful.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
INSTITUTIONAL Select your institution to access the SPIE Digital Library.
PERSONAL Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.