Abstract
Internet security is a growing concern today for government organizations and individuals alike. This has led to growing interest in more aggressive forms of defense to supplement the existing methods to provide security. Vulnerabilities in web applications expose computer networks to security threats. In fact, a large number of websites are used by attackers as hopping sites for attacking other website and user terminals. To protect websites and secure information from attacks based on vulnerabilities of web applications, security vendors and administrators collect attack information using web honeypots, which masquerade as vulnerable systems. To gain full details of attackers is not possible when an attacker compromises high interaction web honeypot system or any other available methodologies. To solve this problem we proposed a scheme of setting up honeypot that dynamically generates web-pages based on attacker request or redirects attacker to one of matching templates. This honeypot captures logs of all activities by the attacker to extract details about ip address, source address, hacker tools, and login details. With our propose scheme, we can get much more information to protect websites than with high interaction web honeypots. We name this scheme as “dynapots”. Keywords: data mining, dynapots, high interaction web honeypots, intrusion detection system
References
Mokube I., Adams M. Honeypots: Concepts, Approaches, and Challenges. ACMSE 2007, March 23–24, 2007, Winston-Salem, North Carolina, USA.
Viecco C. Improving Honeynet Data Analysis. IEEE; 2002, ISBN 0-7803-9814-9.
Provos N. A Virtual Honeypot Framework. Center for Information Technology Integration of the University of Michigan.
Yagi T., Tanimoto N., Hariu T., et al. Enhanced Attack Collection Scheme on High-Interaction Web Honeypots. @2010 IEEE; 2010.
Hecker C., Hay B. Securing E-Government Assets through Automating Deployment of Honeynets for IDS Support.
Nunes S., Correia M. Web Application Risk Awareness with High Interaction Honeypots. Supported by FCT through the CMU-Portugal partnership and the Large-scale Informatic Systems Laboratory (LaSIGE).
HIHAT installation guide, “http://www.honeynet.org/project/HIHAT.
Open Access
Subscription or Fee Access