| Presentation | 2006-05-24 A Construction Method of a Honeypot System to Safely Collect Unknown Malicious Codes Kenji OHIRA, JungSuk SONG, Hiroki TAKAKURA, Yasuo OKABE, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | It is considered that an attacker tests his attacking codes by sending them to randomly selected nodes in the Internet. Collecting and analyzing such beta-version attacking codes are considered to be effective especially against 0-day attacks because they can be used as an attack forecasting system to find and announce such pre-attacking attempts before the attack completes or be spread. However, we cannot predict which service in a system in operation is attacked. It is inappropriate to set a node which listens all TCP, UDP and any other ports because it can be revealed that the node is a honeypot by port scanning activity. It is requested that a honeypot dynamically opens and closes listening ports according to the trend of attacks. Attacking attempts are very varied. It is required to set a honeypot in filter-free or DMZ environment in order to collect various and especially new attacking codes. At the same time, it is required to do access monitoring and log collecting in attack-free environment. Even if a honeypot falls in an attacker's control, monitoring and log collecting must be secured. In this paper, we propose a way to construct a safe and portable honeypot system which meets above by using virtual machines. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Security / Honeypot / 0-day Attack / Attack Forecasting |
| Paper # | IA2006-1 |
| Date of Issue |
| Conference Information | |
| Committee | IA |
|---|---|
| Conference Date | 2006/5/17(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Internet Architecture(IA) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A Construction Method of a Honeypot System to Safely Collect Unknown Malicious Codes |
| Sub Title (in English) | |
| Keyword(1) | Security |
| Keyword(2) | Honeypot |
| Keyword(3) | 0-day Attack |
| Keyword(4) | Attack Forecasting |
| 1st Author's Name | Kenji OHIRA |
| 1st Author's Affiliation | Graduate School of Informatics, Kyoto University() |
| 2nd Author's Name | JungSuk SONG |
| 2nd Author's Affiliation | Graduate School of Informatics, Kyoto University |
| 3rd Author's Name | Hiroki TAKAKURA |
| 3rd Author's Affiliation | Academic Center for Computing and Media Studies, Kyoto University |
| 4th Author's Name | Yasuo OKABE |
| 4th Author's Affiliation | Academic Center for Computing and Media Studies, Kyoto University |
| Date | 2006-05-24 |
| Paper # | IA2006-1 |
| Volume (vol) | vol.106 |
| Number (no) | 62 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |