http://dx.doi.org/10.13089/JKIISC.2006.16.5.15

Design and Implementation of an Unused Ports-based Decoy System to Redirect Hackers toward Honeypots  

Kim, Ik-Su (Soongsil University)
Kim, Myung-Ho (Soongsil University)
Abstract
Many computer security systems use the signatures of well-known attacks to respond to hackers. For these systems, it is very important to obtain accurate signatures of new attacks as soon as possible. For this reason, honeypots and honeypot farms have been actively researched. However, they can collect only a small amount of information, because hackers have a strong tendency to directly attack servers whose IP addresses are allocated. In this paper, we propose an unused ports-based decoy system to redirect hackers toward honeypots. This system opens unused ports to lure hackers. All interactions with the unused ports are considered suspect, because these ports are not used for real services. Accordingly, every request sent to the unused ports is redirected to a honeypot. Consequently, this system enables honeypots to collect information about hackers attacking real servers other than themselves.
Keywords
Computer security; Signature; Honeypot; Intrusion
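A minimal sketch of the redirection idea described in the abstract, added here as an illustration and not taken from the paper: a listener on an otherwise unused port records every connection as suspect and relays the bytes to a honeypot. The names `pipe`, `make_decoy_handler` and `demo`, the event format, and the loopback stand-in honeypot are assumptions made for this example.

```python
import asyncio

async def pipe(reader, writer):
    """Copy bytes one way until EOF or reset, then close the destination."""
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()

def make_decoy_handler(honeypot, events):
    """Build the per-connection handler for a decoy (unused) port."""
    async def handle(c_reader, c_writer):
        src = c_writer.get_extra_info("peername")[0]
        port = c_writer.get_extra_info("sockname")[1]
        # No real service listens here, so every connection is logged as suspect.
        events.append({"src": src, "decoy_port": port})
        try:
            h_reader, h_writer = await asyncio.open_connection(*honeypot)
        except OSError:
            c_writer.close()  # honeypot unreachable: drop the connection
            return
        await asyncio.gather(pipe(c_reader, h_writer), pipe(h_reader, c_writer))
    return handle

async def demo():
    """Constructed loopback run: a stand-in honeypot that tags what it receives."""
    async def fake_honeypot(r, w):
        w.write(b"HONEYPOT:" + await r.read(100))
        await w.drain()
        w.close()
    hp = await asyncio.start_server(fake_honeypot, "127.0.0.1", 0)
    events = []
    decoy = await asyncio.start_server(
        make_decoy_handler(hp.sockets[0].getsockname()[:2], events), "127.0.0.1", 0)
    port = decoy.sockets[0].getsockname()[1]
    r, w = await asyncio.open_connection("127.0.0.1", port)
    w.write(b"probe")  # constructed client request to the decoy port
    await w.drain()
    reply = await r.read(100)
    w.close()
    hp.close()
    decoy.close()
    return reply, events, port

if __name__ == "__main__":
    print(asyncio.run(demo()))
```

The relay closes both directions as soon as either side reaches EOF, which is enough for request/response probes; a deployment would bind the handler to each unused port on the real server and point `honeypot` at the honeypot's address.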