Honeypots: Tracking Hackers
ScriptGen: an automated script generation tool for honeyd
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Cooperation of Intelligent Honeypots to Detect Unknown Malicious Codes
WISTDCS '08 Proceedings of the 2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing
Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
Hi-index | 0.00 |
Since a darknet is a set of unused IP addresses(i.e., no real hosts are operated with them), we are unable to observe the network traffic on it generally. In many cases, however, attackers or infected hosts by some malwares send their attack codes to the target systems or networks at random. Because of this, the darknet gives us the good opportunity to monitor malicious activities that are happening on the Internet. By analyzing the darknet traffic, it is able to get an insight into recent attack trends, but there is a fatal limitation that most of the darknet traffic have no payload data. This means that we cannot collect the real attack codes from the original darknet traffic. In this paper, we propose a malware collection and analysis framework based on the darknet traffic. With the proposed framework, it is able to get real attack codes in the wild and to respond against potential cyber attacks using them. Our experimental results on the real network environments show the effectiveness of the proposed framework.