Self Adaptive High Interaction Honeypots Driven by Game Theory

Authors:
Gérard Wagener;Radu State;Alexandre Dulaunoy;Thomas Engel
Affiliations:
University of Luxembourg, and SES S.A.,;University of Luxembourg,;SES S.A.,;University of Luxembourg,
Venue:
SSS '09 Proceedings of the 11th International Symposium on Stabilization, Safety, and Security of Distributed Systems
Year:
2009

Citing 12
Cited 3

Honeypots: Tracking Hackers

Honeypots: Tracking Hackers
Advanced Linux Programming

Advanced Linux Programming
Probabilistic Finite-State Machines-Part I

IEEE Transactions on Pattern Analysis and Machine Intelligence
Lessons learned from the deployment of a high-interaction honeypot

EDCC '06 Proceedings of the Sixth European Dependable Computing Conference
Bash Cookbook: Solutions and Examples for Bash Users (Cookbooks (O'Reilly))

Bash Cookbook: Solutions and Examples for Bash Users (Cookbooks (O'Reilly))
Linux Kernel Development (2nd Edition) (Novell Press)

Linux Kernel Development (2nd Edition) (Novell Press)
QEMU, a fast and portable dynamic translator

ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Preventing privilege escalation

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Profiling Attacker Behavior Following SSH Compromises

DSN '07 Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
The Honeynet Arms Race

IEEE Security and Privacy
Ether: malware analysis via hardware virtualization extensions

Proceedings of the 15th ACM conference on Computer and communications security
Strategic games on defense trees

FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust

Heliza: talking dirty to the attackers

Journal in Computer Virology
On the Value of Coordination in Distributed Self-Adaptation of Intrusion Detection System

WI-IAT '11 Proceedings of the 2011 IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology - Volume 02
Understanding the prevalence and use of alternative plans in malware with network games

Proceedings of the 27th Annual Computer Security Applications Conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

High-interaction honeypots are relevant to provide rich and useful information obtained from attackers. Honeypots come in different flavors with respect to their interaction potential. A honeypot can be very restrictive, but then only a few interactions can be observed. If a honeypot is very tolerant though, attackers can quickly achieve their goal. Having the best trade-off between attacker freedom and honeypot restrictions is challenging. In this paper, we address the issue of self adaptive honeypots, that can change their behavior and lure attackers into revealing as much information as possible about themselves. The key idea is to leverage game-theoretic concepts for the configuration and reciprocal actions of high-interaction honeypots.