Proceedings Paper

Testing simple deceptive honeypot tools
Author(s): Aymen Yahyaoui; Neil C. Rowe

Paper Abstract

Deception can be a useful defensive technique against cyber-attacks; it has the advantage of unexpectedness to attackers and offers a variety of tactics. Honeypots are a good tool for deception. They act as decoy computers to confuse attackers and exhaust their time and resources. This work tested the effectiveness of two free honeypot tools in real networks by varying their location and virtualization, and the effects of adding more deception to them. We tested a Web honeypot tool, Glastopf, and an SSH honeypot tool, Kippo. We deployed the Web honeypot in both a residential network and our organization’s network and as both real and virtual machines; the organization honeypot attracted more attackers starting in the third week. Results also showed that the virtual honeypots received attacks from more unique IP addresses. They also showed that adding deception to the Web honeypot, in the form of additional linked Web pages and interactive features, generated more interest from attackers. For the purpose of comparison, we examined log files of a legitimate Web site. The traffic distributions for the Web honeypot and the legitimate Web site showed similarities (with much malicious traffic from Brazil), but the SSH honeypot was different (with much malicious traffic from China). Contrary to previous experiments where traffic to static honeypots decreased quickly, our honeypots received increasing traffic over a period of three months. It appears that both honeypot tools are useful for providing intelligence about cyber-attack methods, and that additional deception is helpful.

Paper Details

Date Published: 14 May 2015
PDF: 15 pages
Proc. SPIE 9458, Cyber Sensing 2015, 945803 (14 May 2015); doi: 10.1117/12.2179793
Aymen Yahyaoui, Tunisian Air Force (Tunisia)
Neil C. Rowe, Naval Postgraduate School (United States)

Published in SPIE Proceedings Vol. 9458:
Cyber Sensing 2015
Igor V. Ternovskiy; Peter Chin, Editor(s)

© SPIE.