• Title/Summary/Keyword: High interaction client honeypot

Search Result 4, Processing Time 0.026 seconds

A High-Interaction Client Honeypot on Android Platform (안드로이드 플랫폼에서의 High-Interaction 클라이언트 허니팟 적용방안 연구)

  • Jung, Hyun-Mi;Son, Seung-Wan;Kim, Kwang-Seok;Lee, Gang-Soo
    • Journal of Digital Convergence
    • /
    • v.11 no.12
    • /
    • pp.381-386
    • /
    • 2013
  • As the new variation malicious codes of android platform are drastically increasing, the preparation plan and response is needed. We proposed a high-interaction client honeypot that applied to the android platform. We designed flow for the system. Application plan and the function was analyze. Each detail module was optimized in the Android platform. The system is equipped with the advantage of the high-interaction client honeypot of PC environment. Because the management and storage server was separated it is more flexible and expanded.

Execution-based System and Its Performance Analysis for Detecting Malicious Web Pages using High Interaction Client Honeypot (고 상호작용 클라이언트 허니팟을 이용한 실행 기반의 악성 웹 페이지 탐지 시스템 및 성능 분석)

  • Kim, Min-Jae;Chang, Hye-Young;Cho, Seong-Je
    • Journal of KIISE:Computing Practices and Letters
    • /
    • v.15 no.12
    • /
    • pp.1003-1007
    • /
    • 2009
  • Client-side attacks including drive-by download target vulnerabilities in client applications that interact with a malicious server or process malicious data. A typical client-side attack is web-based one related to a malicious web page exploiting specific browser vulnerability that can execute mal ware on the client system (PC) or give complete control of it to the malicious server. To defend those attacks, this paper has constructed high interaction client honeypot system using Capture-HPC that adopts execution-based detection in virtual machine. We have detected and classified malicious web pages using the system. We have also analyzed the system's performance in terms of the number of virtual machine images and the number of browsers executed simultaneously in each virtual machine. Experimental results show that the system with one virtual machine image obtains better performance with less reverting overhead. The system also shows good performance when the number of browsers executed simultaneously in a virtual machine is 50.

A Study for Hybrid Honeypot Systems (하이브리드 허니팟 시스템에 대한 연구)

  • Lee, Moon-Goo
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.51 no.11
    • /
    • pp.127-133
    • /
    • 2014
  • In order to protect information asset from various malicious code, Honeypot system is implemented. Honeypot system is designed to elicit attacks so that internal system is not attacked or it is designed to collect malicious code information. However, existing honeypot system is designed for the purpose of collecting information, so it is designed to induce inflows of attackers positively by establishing disguised server or disguised client server and by providing disguised contents. In case of establishing disguised server, it should reinstall hardware in a cycle of one year because of frequent disk input and output. In case of establishing disguised client server, it has operating problem such as procuring professional labor force because it has a limit to automize the analysis of acquired information. To solve and supplement operating problem and previous problem of honeypot's hardware, this thesis suggested hybrid honeypot. Suggested hybrid honeypot has honeywall, analyzed server and combined console and it processes by categorizing attacking types into two types. It is designed that disguise (inducement) and false response (emulation) are connected to common switch area to operate high level interaction server, which is type 1 and low level interaction server, which is type 2. This hybrid honeypot operates low level honeypot and high level honeypot. Analysis server converts hacking types into hash value and separates it into correlation analysis algorithm and sends it to honeywall. Integrated monitoring console implements continuous monitoring, so it is expected that not only analyzing information about recent hacking method and attacking tool but also it provides effects of anticipative security response.

Cybertrap : Unknown Attack Detection System based on Virtual Honeynet (Cybertrap : 가상 허니넷 기반 신종공격 탐지시스템)

  • Kang, Dae-Kwon;Hyun, Mu-Yong;Kim, Chun-Suk
    • The Journal of the Korea institute of electronic communication sciences
    • /
    • v.8 no.6
    • /
    • pp.863-871
    • /
    • 2013
  • Recently application of open protocols and external network linkage to the national critical infrastructure has been growing with the development of information and communication technologies. This trend could mean that the national critical infrastructure is exposed to cyber attacks and can be seriously jeopardized when it gets remotely operated or controlled by viruses, crackers, or cyber terrorists. In this paper virtual Honeynet model which can reduce installation and operation resource problems of Honeynet system is proposed. It maintains the merits of Honeynet system and adapts the virtualization technology. Also, virtual Honeynet model that can minimize operating cost is proposed with data analysis and collecting technique based on the verification of attack intention and focus-oriented analysis technique. With the proposed model, new type of attack detection system based on virtual Honeynet, that is Cybertrap, is designed and implemented with the host and data collecting technique based on the verification of attack intention and the network attack pattern visualization technique. To test proposed system we establish test-bed and evaluate the functionality and performance through series of experiments.