Introduction to Honeypot

A honeypot is a decoy system or a simulated application that simulates an entire network to lure attackers by disguising itself with popular vulnerabilities. There are different types of honeypots. For instance, a research honeypot helps researchers monitor and analyse the attacker activity captured in the honeypot. Honeypots are usually categorised into three sub-types based on purpose, interaction and form, and then further categorised according to nature, specialization and framework. A honeypot, however, is not a foolproof concept; an experienced attacker can often detect it. Information about honeypot features and anti-honeypot tools is widely available online to educate attackers. This book will cover the use of honeypots to detect some of the more popular and damaging attacks, such as worms, DDoS, APT, phishing and insider breaches. It will also cover the application of forensics work in honeypots and the concepts proposed by honeypot researchers to enhance honeypot features so as to make it difficult to distinguish between a real host and a honeypot.
