A Survey: Recent Advances and Future Trends in Honeypot Research

This paper presents a survey of recent advances in honeypot research, based on a review of 80+ papers on honeypots and related topics, mostly published after 2005. It summarizes 60 papers that made significant contributions to the field. In reviewing the literature, it became apparent that the research can be broken down into five major areas: (1) new types of honeypots to cope with emerging security threats, (2) utilizing honeypot output data to improve the accuracy of threat detection, (3) configuring honeypots to reduce the cost of maintaining them as well as to improve the accuracy of threat detection, (4) counteracting honeypot detection by attackers, and (5) legal and ethical issues in using honeypots. Our literature review indicates that the advances in the first four areas reflect recent changes in our networking environments, such as those in user demography and in the ways those diverse users use new applications. Our review of the literature on legal and ethical issues in using honeypots reveals that there is no widely accepted agreement on these issues, which must be an important agenda item for future honeypot research.
