Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation
Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
A malware collection and analysis framework based on darknet traffic
ICONIP'12 Proceedings of the 19th international conference on Neural Information Processing - Volume Part II
Toward a more practical unsupervised anomaly detection system
Information Sciences: an International Journal
Hi-index | 0.00 |
Honeypot is one of the most popular tools to decoy attackers into our network, and to capture lots of information about the activity of malicious attackers. By tracing and analyzing collected traffic data, we can find out unknown malicious codes under an experimental stage before some codes become hazardous to an application. Although many honeypots have been proposed, there is a common problem that they can be detected easily by malicious attackers. This is very important in success or failure of honeypots because if once an attacker notices that he/she is working on a honeypot, we can no longer observe his/her malicious activities. In this paper, we propose two types of honeypot to collect unforeseen exploit codes automatically while maintaining their concealment against malicious attackers; cooperation based active honeypot and self-protection type honeypot. We have evaluated the proposed honeypots which are deployed in Kyoto University, and showed that they have capability to collect some unknown malicious codes.