Abstract
Honeypots are the network sensors used for capturing the network attacks. As these sensors are solely deployed for the purpose of being attacked and compromised hence they have to be closely monitored and controlled. In the work presented in this paper the authors have addressed the problem of base-lining the high-interaction Honeypots by proposing a structured framework for base-lining any high interaction Honeypot. The Honeypot base-lining process involves identification and white-listing of all the legitimate system activities and the modeling of Honeypot attack surface. The outcome of the Honeypot base-lining process is an XML file which models the Honeypot attack surface. The authors claim that this Honeypot system modeling is useful at the time of attack data analysis, as it enables the mapping of captured attacks to the vulnerabilities exposed by the Honeypot. This attack to vulnerability mapping capability helps defenders to find out what attacks targets what vulnerabilities and could also leads to the detection of the zero day vulnerabilities exploit attempt.
Reference60 articles.
1. Abgrall, E., Le Traon, Y., & Gombault, S.M. (2014). Monperrus Empirical Investigation of the Web Browser Attack Surface under Cross-Site Scripting. Proceedings of the 2014 IEEE Seventh International Conference on Software Testing, Verification and Validation Workshops (ICSTW).
2. Abuse.ch. (n. d.). Retrieved from http://www.abuse.ch
3. Detecting targeted attacks using shadow Honeypots;K.Anagnostakis;Proceedings of the 14th USENIX Security Symposium,2005
4. Detecting targeted attacks using shadow Honeypots.;K.Anagnostakis;Proceedings of the 14th Usenix Security Symposium,2005
5. ATLAS. (n. d.). About. Retrieved from http://www.atlas.abor.net/about
Cited by
4 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献