A honeypot is a closely monitored network decoy serving several purposes: it can distract adversaries from more valuable machines on a network, provide early warning about new attack and exploitation trends, or allow in-depth examination of adversaries during and after exploitation of a honeypot. Deploying a physical honeypot is often time-intensive and expensive, as different operating systems require specialized hardware and every honeypot requires its own physical system. This paper presents Honeyd, a framework for virtual honeypots that simulates virtual computer systems at the network level. The simulated computer systems appear to run on unallocated network addresses. To deceive network fingerprinting tools, Honeyd simulates the networking stack of different operating systems and can provide arbitrary routing topologies and services for an arbitrary number of virtual systems. This paper discusses Honeyd's design and shows how the Honeyd framework helps in many areas of system security, e.g. detecting and disabling worms, distracting adversaries, or preventing the spread of spam email.