Lessons learned from the deployment of a high-interaction honeypot

This paper presents an experimental study and the lessons learned from the observation of the attackers when logged on a compromised machine. The results are based on a six months period during which a controlled experiment has been run with a high interaction honeypot. We correlate our findings with those obtained with a worldwide distributed system of low-interaction honeypots

[1]  Van-Hau Pham,et al.  Collection and analysis of attack data based on honeypots deployed on the Internet , 2006, Quality of Protection.

[2]  T. Holz,et al.  Detecting honeypots and other suspicious environments , 2005, Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop.

[3]  Van-Hau Pham,et al.  Understanding threats: a prerequisite to enhance survivability of computing systems , 2008, Int. J. Crit. Infrastructures.

[4]  Marc Dacier,et al.  Honeypots: practical means to validate malicious fault assumptions , 2004, 10th IEEE Pacific Rim International Symposium on Dependable Computing, 2004. Proceedings..

[5]  Farnam Jahanian,et al.  The Internet Motion Sensor - A Distributed Blackhole Monitoring System , 2005, NDSS.

[6]  Van-Hau Pham,et al.  on the Advantages of Deploying a Large Scale Distributed Honeypot Platform , 2005 .