Our research focuses on the use of honeypots for gathering detailed statistics on Internet threats over a long period of time. In this context, we are deploying honeypots (sensors) of different interaction levels in various locations. Honeypots are often classified by their level of interaction. For instance, it is generally accepted that a high interaction approach is suited for recording hacker shell commands, while a low interaction approach provides limited information on the attackers' activities. So far, there exists no serious comparison that expresses how the two approaches differ in the level of information they provide. Thanks to the environment that we are deploying, we are able to provide a rigorous comparison between the two approaches, both qualitatively and quantitatively. We build our work on a classification of the observed attacks, and during the comparison we pay particular attention to the bias introduced by packet losses. The proposed analysis leads to a study of malicious activities hidden by the noise of less interesting ones. Finally, it shows that the two approaches are complementary: a high interaction honeypot allows us to check the relevance of low interaction honeypot configurations. Thus, both interaction levels are required to build an efficient network of distributed honeypots.