Title :
Detecting honeypots and other suspicious environments
Author :
Holz, Thorsten ; Raynal, Frederic
Author_Institution :
Lab. for Dependable Distributed Syst., RWTH Aachen Univ., Germany
Abstract :
To learn more about attack patterns and attacker behavior, the concept of electronic decoys, i.e. network resources (computers, routers, switches, etc.) deployed to be probed, attacked, and compromised, is used in the area of IT security under the name honeypots. These electronic baits lure in attackers and help in assessment of vulnerabilities. Because honeypots are more and more deployed within computer networks, malicious attackers start to devise techniques to detect and circumvent these security tools. This paper will explain how an attacker typically proceeds in order to attack this kind of system. We will introduce several techniques and present diverse tools and techniques which help attackers. In addition, we present several methods to detect suspicious environments (e.g. virtual machines and presence of debuggers). The article aims at showing the limitation of current honeypot-based research. After a brief theoretical introduction, we present several technical examples of different methodologies.
Keywords :
computer networks; pattern recognition; security of data; IT security; attack patterns; attacker behavior; computer networks; debuggers; electronic baits; electronic decoys; honeypot detection; malicious attackers; network resources; security tools; suspicious environments; virtual machines; vulnerability assessment; Computer networks; Computer security; Forensics; Internet; Intrusion detection; Laboratories; Software systems; Steganography; Switches; Virtual machining;
Conference_Title :
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN :
0-7803-9290-6
DOI :
10.1109/IAW.2005.1495930