Presentation | 2006-05-24 A Construction Method of a Honeypot System to Safely Collect Unknown Malicious Codes Kenji OHIRA, JungSuk SONG, Hiroki TAKAKURA, Yasuo OKABE |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | It is considered that an attacker tests his attacking codes by sending them to randomly selected nodes on the Internet. Collecting and analyzing such beta-version attacking codes is considered to be effective, especially against 0-day attacks, because it can be used as an attack forecasting system to find and announce such pre-attack attempts before the attack completes or spreads. However, we cannot predict which service in a system in operation is attacked. It is inappropriate to set up a node which listens on all TCP, UDP and any other ports because port scanning activity can reveal that the node is a honeypot. A honeypot is required to dynamically open and close listening ports according to the trend of attacks. Attacking attempts are very varied. It is required to set a honeypot in a filter-free or DMZ environment in order to collect various and especially new attacking codes. At the same time, it is required to do access monitoring and log collecting in an attack-free environment. Even if a honeypot falls under an attacker's control, monitoring and log collecting must be secured. In this paper, we propose a way to construct a safe and portable honeypot system which meets the above requirements by using virtual machines. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Security / Honeypot / 0-day Attack / Attack Forecasting |
Paper # | IA2006-1 |
Date of Issue |
Conference Information | |
Committee | IA |
---|---|
Conference Date | 2006/5/17(1days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Internet Architecture(IA) |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | A Construction Method of a Honeypot System to Safely Collect Unknown Malicious Codes |
Sub Title (in English) | |
Keyword(1) | Security |
Keyword(2) | Honeypot |
Keyword(3) | 0-day Attack |
Keyword(4) | Attack Forecasting |
1st Author's Name | Kenji OHIRA |
1st Author's Affiliation | Graduate School of Informatics, Kyoto University |
2nd Author's Name | JungSuk SONG |
2nd Author's Affiliation | Graduate School of Informatics, Kyoto University |
3rd Author's Name | Hiroki TAKAKURA |
3rd Author's Affiliation | Academic Center for Computing and Media Studies, Kyoto University |
4th Author's Name | Yasuo OKABE |
4th Author's Affiliation | Academic Center for Computing and Media Studies, Kyoto University |
Date | 2006-05-24 |
Paper # | IA2006-1 |
Volume (vol) | vol.106 |
Number (no) | 62 |
Page | pp.pp.- |
#Pages | 6 |
Date of Issue |