Comparative Survey of Local Honeypot Sensors to Assist Network Forensics

S
SADFE
2005
First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05)
Abstract - Comparative Survey of Local Honeypot Sensors to Assist Network Forensics

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by P.T. Chen Articles by C.S. Laih Articles by F. Pouget Articles by M. Dacier

First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05)

Taipei, Taiwan

November 07-November 09

ISBN: 0-7695-2478-8

	ASCII Text	x
	P.T. Chen, C.S. Laih, F. Pouget, M. Dacier, "Comparative Survey of Local Honeypot Sensors to Assist Network Forensics," Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on, pp. 120-134, First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05), 2005.

	BibTex	x
	@article{ 10.1109/SADFE.2005.6, author = {P.T. Chen and C.S. Laih and F. Pouget and M. Dacier}, title = {Comparative Survey of Local Honeypot Sensors to Assist Network Forensics}, journal ={Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on}, volume = {0}, year = {2005}, isbn = {0-7695-2478-8}, pages = {120-134}, doi = {http://doi.ieeecomputersociety.org/10.1109/SADFE.2005.6}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on TI - Comparative Survey of Local Honeypot Sensors to Assist Network Forensics SN - 0-7695-2478-8 SP120 EP134 A1 - P.T. Chen, A1 - C.S. Laih, A1 - F. Pouget, A1 - M. Dacier, PY - 2005 KW - null VL - 0 JA - Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on ER -

P.T. Chen, National Cheng Kung University Tainan, Taiwan

C.S. Laih, National Cheng Kung University Tainan, Taiwan

F. Pouget, Institut Eurecom Sophia-Antipolis, France

M. Dacier, Institut Eurecom Sophia-Antipolis, France

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SADFE.2005.6

This paper intends to illustrate the usefulness of deploying multiple simple honeypot sensors in a large variety of locations. Indeed, a permanent identification of anomalies that occur on a single sensor allows pinpointing abnormal local activities. These can be the manifest of misconfiguration issues or highlight attacks particular to some given environments. Both cases are important for administrators in charge of the networks hosting the sensors. We propose in this paper a comparison of simple parameters that reveal to be an easy way to determine these abnormal and particular activities. On the basis of two identical honeypot sensors that we have deployed for more than 6 months in France and in Taiwan, we detail the analysis of some anomalies that have been found against one unique sensor only. This is a preliminary but useful stage for network forensics and we intend in a near future to deploy the method over a large number of sensors. This is an on-going work and we hope that the illustrations we provide all along the paper will be a good incentive for partners to join this open project.

Citation:

P.T. Chen, C.S. Laih, F. Pouget, M. Dacier, "Comparative Survey of Local Honeypot Sensors to Assist Network Forensics," sadfe, pp.120-134, First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.