A honeypot system with honeyword-driven fake interactive sessions

Honeypots are an indispensable tool for network and system security as well as for computer forensic investigations. They help detect possible intrusions and gather information about their source, attack patterns, final target and purpose. Highly interactive honeypots are probably the most useful and enlightening ones, since they reveal much information about intruders' behavior and skills, even though implementing and setting up such tools may require considerable effort and computational resources. Accordingly, we present an architecture for highly interactive honeypots that aims to detect password-cracking attacks by means of honeywords and leverages container-based virtualization to provide the persistent sessions needed to capture attacker activities.
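
The login decision that a honeyword-driven honeypot rests on can be sketched as follows. This is an added illustration, not code from the paper: the class names, the three outcome strings and the sample passwords are assumptions, and the split between a login server and a separate index-holding checker follows the general honeyword scheme.

```python
import hashlib, hmac, os, random

def kdf(password: str, salt: bytes) -> bytes:
    # Slow salted hash; parameters are illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class HoneyChecker:
    """Hypothetical separate service: knows only which index is real."""
    def __init__(self):
        self._real = {}
        self.alerts = []          # (user, index) of every honeyword hit

    def set_index(self, user, idx):
        self._real[user] = idx

    def is_real(self, user, idx):
        if self._real.get(user) == idx:
            return True
        self.alerts.append((user, idx))
        return False

class LoginServer:
    """Stores hashes of all sweetwords; cannot tell which one is real."""
    def __init__(self, checker):
        self.checker, self.db = checker, {}

    def enroll(self, user, password, honeywords):
        if password in honeywords or len(set(honeywords)) != len(honeywords):
            raise ValueError("sweetwords must be distinct")
        sweet = honeywords + [password]
        random.SystemRandom().shuffle(sweet)   # hide the real one's position
        salt = os.urandom(16)
        self.db[user] = (salt, [kdf(w, salt) for w in sweet])
        self.checker.set_index(user, sweet.index(password))

    def login(self, user, password):
        if user not in self.db:
            return "reject"
        salt, hashes = self.db[user]
        h = kdf(password, salt)
        for idx, stored in enumerate(hashes):
            if hmac.compare_digest(h, stored):
                # Honeyword hit: the hash file was likely cracked, so hand
                # the client a decoy session instead of refusing the login.
                return "real_session" if self.checker.is_real(user, idx) else "decoy_container"
        return "reject"
```

In a deployment along the lines the abstract describes, the "decoy_container" outcome would start or resume an isolated container for that client so the session persists across logins while activity is recorded.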
