Title :
Cooperation of Intelligent Honeypots to Detect Unknown Malicious Codes
Author :
Song, Jungsuk ; Takakura, Hiroki ; Okabe, Yasuo
Author_Institution :
Grad. Sch. of Inf., Kyoto Univ., Kyoto
Abstract :
Honeypot is one of the most popular tools to decoy attackers into our network, and to capture lots of information about the activity of malicious attackers. By tracing and analyzing collected traffic data, we can find out unknown malicious codes under an experimental stage before some codes become hazardous to an application. Although many honeypots have been proposed, there is a common problem that they can be detected easily by malicious attackers. This is very important in success or failure of honeypots because if once an attacker notices that he/she is working on a honeypot, we can no longer observe his/her malicious activities. In this paper, we propose two types of honeypot to collect unforeseen exploit codes automatically while maintaining their concealment against malicious attackers; cooperation based active honeypot and self-protection type honeypot. We have evaluated the proposed honeypots which are deployed in Kyoto University, and showed that they have capability to collect some unknown malicious codes.
Keywords :
security of data; cooperation based active honeypot; intelligent honeypots; malicious attackers; self-protection type honeypot; unknown malicious codes; Computer networks; Computer security; Data analysis; IP networks; Informatics; Information security; Intelligent networks; Internet; Privacy; Telecommunication traffic;
Conference_Titel :
Information Security Threats Data Collection and Sharing, 2008. WISTDCS '08. WOMBAT Workshop on
Conference_Location :
Amsterdam
Print_ISBN :
978-0-7695-3347-6
DOI :
10.1109/WISTDCS.2008.10
