On Recognizing Virtual Honeypots and Countermeasures

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Xinwen Fu Articles by Wei Yu Articles by Dan Cheng Articles by Xuejun Tan Articles by Kevin Streff Articles by Steve Graham

2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC'06)

Indiana University-Purdue University, Indianapolis, USA

September 29-October 01

ISBN: 0-7695-2539-3

	ASCII Text	x
	Xinwen Fu, Wei Yu, Dan Cheng, Xuejun Tan, Kevin Streff, Steve Graham, "On Recognizing Virtual Honeypots and Countermeasures," Dependable, Autonomic and Secure Computing, IEEE International Symposium on, pp. 211-218, 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC'06), 2006.

	BibTex	x
	@article{ 10.1109/DASC.2006.36, author = {Xinwen Fu and Wei Yu and Dan Cheng and Xuejun Tan and Kevin Streff and Steve Graham}, title = {On Recognizing Virtual Honeypots and Countermeasures}, journal ={Dependable, Autonomic and Secure Computing, IEEE International Symposium on}, volume = {0}, year = {2006}, isbn = {0-7695-2539-3}, pages = {211-218}, doi = {http://doi.ieeecomputersociety.org/10.1109/DASC.2006.36}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Dependable, Autonomic and Secure Computing, IEEE International Symposium on TI - On Recognizing Virtual Honeypots and Countermeasures SN - 0-7695-2539-3 SP211 EP218 A1 - Xinwen Fu, A1 - Wei Yu, A1 - Dan Cheng, A1 - Xuejun Tan, A1 - Kevin Streff, A1 - Steve Graham, PY - 2006 KW - null VL - 0 JA - Dependable, Autonomic and Secure Computing, IEEE International Symposium on ER -

Wei Yu

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/DASC.2006.36

Honeypots are decoys designed to trap, delay, and gather information about attackers. We can use honeypot logs to analyze attackers? behaviors and design new defenses. A virtual honeypot can emulate multiple honeypots on one physical machine and provide great flexibility in representing one or more networks of machines. But when attackers recognize a honeypot, it becomes useless. In this paper, we address issues related to detecting and "camouflaging" virtual honeypots, in particular Honeyd, which can emulate any size of network on physical machines. We find that an attacker may remotely fingerprint Honeyd by measuring the latency of the network links emulated by Honeyd. We analyze the threat from this fingerprint attack based on the Neyman-Pearson decision theory and find that this class of attack can achieve a high detection rate and low false alarm rate. In order to counter this fingerprint attack, we make virtual honeypots behave like their surrounding networks and blend in with their surroundings. We design a camouflaged Honeyd by revising a small part of the Honeyd toolkit code and by appropriately patching the operating system. Our experiments demonstrate the effectiveness of our approach to camouflaging Honeyd.

Citation:

Xinwen Fu, Wei Yu, Dan Cheng, Xuejun Tan, Kevin Streff, Steve Graham, "On Recognizing Virtual Honeypots and Countermeasures," dasc, pp.211-218, 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.