2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS) (2015)
Nov. 5, 2015 to Nov. 5, 2015
This paper introduces a novel honeypot for web application. Recently, web applications have been the target of numerous cyber attacks. In order to catch up new vulnerabilities in the applications, using a honeypot system is a feasible solution. However, there remains difficulty for developing a lure-able, protect-able, and deception-able honeypot for web applications. In this paper, we present an approach in which attackers will be automatically isolated from the real web server to the honey web server. The key features are employing migration techniques to create a virtual machine as a honey web server, making the honeypot to equip the same memory and storage devices of the real systems, and controlling network traffic with OpenFlow in order to isolate honeypots from the real server. This paper also shows our design and implementation of INTERCEPT+, a component of honeypot systems for web applications.
Web servers, Databases, IP networks, Switches, Virtual machining
A. Hirata, D. Miyamoto, M. Nakayama and H. Esaki, "INTERCEPT+: SDN Support for Live Migration-Based Honeypots," 2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), Kyoto, Japan, 2015, pp. 16-24.