Botnets have become one of the major attacks on the Internet today due to the illicit financial profit they yield. Meanwhile, honeypots have been successfully deployed in many computer security defence systems. Since honeypots set up by security defenders can attract botnet compromises and become spies in exposing botnet membership and botnet attacker behaviours, they are widely used by security defenders in botnet defence. Therefore, attackers constructing and maintaining botnets will be forced to find ways to avoid honeypot traps. In this paper, we present a hardware- and software-independent honeypot detection methodology based on the following assumption: security professionals deploying honeypots have a liability constraint such that they cannot allow their honeypots to participate in real attacks that could cause damage to others, while attackers do not need to follow this constraint. Attackers could detect honeypots in their botnets by checking whether compromised machines in a botnet can successfully send out unmodified malicious traffic. Based on this basic detection principle, we present honeypot detection techniques to be used in both centralised botnets and Peer-to-Peer (P2P) structured botnets. Experiments show that current standard honeypots and honeynet programs are vulnerable to the proposed honeypot detection techniques. Finally, we discuss some guidelines for defending against general honeypot-aware attacks.