Volume 4 Number 5 (May 2009)
JCP 2009 Vol.4(5): 395-404 ISSN: 1796-203X
doi: 10.4304/jcp.4.5.395-404

Security and Results of a Large-Scale High-Interaction Honeypot

J. Briffaut, J.-F. Lalande, C. Toinard
Laboratoire d'Informatique Fondamentale d'Orléans, ENSI de Bourges, 88 bd Lahitolle, 18020 Bourges Cedex, France
Abstract—This paper presents the design of a secured high-interaction honeypot and discusses its results. The challenge is to have a honeypot that welcomes attackers and allows malicious userland activity but prevents system corruption. The honeypot must allow real malicious activity and must ease its analysis. A clustered honeypot with two classes of hosts is proposed. The first class prevents system corruption and never has to be reinstalled; the second class accepts that the system may be corrupted but can be reinstalled easily. Various off-the-shelf security tools are deployed to detect corruption and to ease analysis. Moreover, combining host and network information enables a full analysis of complex attack scenarios. The solution is based entirely on open source software and has been validated over two years. A complete analysis is provided using the collected events and alarms. First, different types of malicious activity are easily reconstructed. Second, correlating alarms lets us compare the effectiveness of the various off-the-shelf security tools. Third, correlation eases a complete analysis of host and network activity. Finally, complete examples of attacks are explained. Ongoing work focuses on the recognition of complex malicious activity using a correlation grid, and on distributed analysis.

Index Terms—High-Interaction Honeypot, Attack Monitoring, Intrusion Detection System.
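The following is an added illustration of the alarm correlation the abstract describes; it is not code from the paper or its authors. Alarms from assumed host and network sensors are grouped into attack sessions per (honeypot node, attacker address) within a time window, each session is reconstructed as a timeline, per-tool coverage of the sessions is computed to compare the sensors, and class 2 nodes that show host-level activity are flagged for reinstallation. The sensor names, node names, node classes, timestamps and every sample alarm are constructed assumptions.

```python
"""Correlating host and network alarms from a honeypot cluster (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Set


@dataclass(frozen=True)
class Alarm:
    ts: datetime
    tool: str    # sensor that raised the alarm (names are assumptions)
    source: str  # attacker address the sensor attributed the event to
    host: str    # honeypot node the event concerns
    kind: str    # short classification of the event


# Sensors that observe the host itself rather than the wire (assumed names).
HOST_TOOLS = {"host-auth-log", "host-fim", "host-mac"}

# Node classes as in the abstract: class 1 nodes are hardened against
# corruption and never reinstalled; class 2 nodes may be corrupted and are
# reinstalled instead. Node names are constructed.
NODE_CLASS = {"hp-class1": 1, "hp-class2": 2}

_T0 = datetime(2009, 3, 14, 2, 0, 0)  # constructed base timestamp


def _at(seconds: int) -> datetime:
    return _T0 + timedelta(seconds=seconds)


# Constructed sample feed: an SSH brute force that succeeds, drops a file and
# is stopped at privilege escalation on the hardened node; a scan followed by
# a file modification on the reinstallable node; and a later, unrelated scan
# from the first attacker.
SAMPLE: List[Alarm] = [
    Alarm(_at(0),    "net-ids",       "10.0.0.7", "hp-class1", "ssh brute force"),
    Alarm(_at(40),   "net-ids",       "10.0.0.7", "hp-class1", "ssh brute force"),
    Alarm(_at(90),   "host-auth-log", "10.0.0.7", "hp-class1", "ssh login accepted"),
    Alarm(_at(120),  "host-fim",      "10.0.0.7", "hp-class1", "new file /tmp/.x"),
    Alarm(_at(150),  "host-mac",      "10.0.0.7", "hp-class1", "denied setuid execve"),
    Alarm(_at(300),  "net-ids",       "10.0.0.9", "hp-class2", "port scan"),
    Alarm(_at(320),  "host-fim",      "10.0.0.9", "hp-class2", "modified /etc/passwd"),
    Alarm(_at(7200), "net-ids",       "10.0.0.7", "hp-class1", "port scan"),
]


def correlate(alarms: List[Alarm], window: timedelta = timedelta(minutes=10)) -> List[List[Alarm]]:
    """Group alarms into attack sessions.

    Alarms sharing the same (host, source) pair belong to one session as long
    as consecutive alarms are no further apart than `window`; a larger gap
    starts a new session. Sessions are returned ordered by start time.
    """
    by_pair: Dict[tuple, List[Alarm]] = defaultdict(list)
    for a in alarms:
        by_pair[(a.host, a.source)].append(a)

    sessions: List[List[Alarm]] = []
    for group in by_pair.values():
        group.sort(key=lambda a: a.ts)
        current = [group[0]]
        for a in group[1:]:
            if a.ts - current[-1].ts > window:
                sessions.append(current)
                current = [a]
            else:
                current.append(a)
        sessions.append(current)
    sessions.sort(key=lambda s: s[0].ts)
    return sessions


def tool_coverage(sessions: List[List[Alarm]]) -> Dict[str, float]:
    """Fraction of sessions in which each tool raised at least one alarm."""
    if not sessions:
        return {}
    seen: Dict[str, int] = defaultdict(int)
    for s in sessions:
        for tool in {a.tool for a in s}:
            seen[tool] += 1
    return {tool: n / len(sessions) for tool, n in seen.items()}


def host_level_sessions(sessions: List[List[Alarm]]) -> List[List[Alarm]]:
    """Sessions that went beyond the wire: at least one host sensor fired."""
    return [s for s in sessions if any(a.tool in HOST_TOOLS for a in s)]


def reinstall_candidates(sessions: List[List[Alarm]]) -> Set[str]:
    """Class 2 nodes on which a host sensor reported an event."""
    return {s[0].host for s in host_level_sessions(sessions)
            if NODE_CLASS.get(s[0].host) == 2}


def timeline(session: List[Alarm]) -> List[str]:
    """Human-readable reconstruction of one session, relative to its start."""
    t0 = session[0].ts
    return [f"+{int((a.ts - t0).total_seconds()):>5}s {a.tool:<14} {a.kind}"
            for a in session]


if __name__ == "__main__":
    sessions = correlate(SAMPLE)
    for s in sessions:
        print(f"{s[0].host} <- {s[0].source}")
        for line in timeline(s):
            print("  " + line)
    print("coverage:", tool_coverage(sessions))
    print("reinstall:", reinstall_candidates(sessions))
```

The session key (node, attacker address) plus a gap-based window is a deliberate simplification: real attackers pivot between addresses and nodes, so a production correlator would also link sessions through shared artefacts (dropped file hashes, credentials, command strings). Coverage per tool is what lets you say which sensor would have missed a given session entirely, which is the comparison the abstract draws between the off-the-shelf tools.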


Cite: J. Briffaut, J.-F. Lalande, C. Toinard, "Security and Results of a Large-Scale High-Interaction Honeypot," Journal of Computers vol. 4, no. 5, pp. 395-404, 2009.
