Honeypot detection in advanced botnet attacks. (1st March 2010)
- Record Type:
- Journal Article
- Title:
- Honeypot detection in advanced botnet attacks. (1st March 2010)
- Main Title:
- Honeypot detection in advanced botnet attacks
- Authors:
- Wang, Ping
Wu, Lei
Cunningham, Ryan
Zou, Cliff C.
- Abstract:
- Botnets have become one of the major attacks in the internet today due to their illicit profitable financial gain. Meanwhile, honeypots have been successfully deployed in many computer security defence systems. Since honeypots set up by security defenders can attract botnet compromises and become spies in exposing botnet membership and botnet attacker behaviours, they are widely used by security defenders in botnet defence. Therefore, attackers constructing and maintaining botnets will be forced to find ways to avoid honeypot traps. In this paper, we present a hardware and software independent honeypot detection methodology based on the following assumption: security professionals deploying honeypots have a liability constraint such that they cannot allow their honeypots to participate in real attacks that could cause damage to others, while attackers do not need to follow this constraint. Attackers could detect honeypots in their botnets by checking whether compromised machines in a botnet can successfully send out unmodified malicious traffic. Based on this basic detection principle, we present honeypot detection techniques to be used in both centralised botnets and Peer-to-Peer (P2P) structured botnets. Experiments show that current standard honeypots and honeynet programs are vulnerable to the proposed honeypot detection techniques. At the end, we discuss some guidelines for defending against general honeypot-aware attacks.
- Is Part Of:
- International journal of information and computer security. Volume 4:Number 1(2010)
- Journal:
- International journal of information and computer security
- Issue:
- Volume 4:Number 1(2010)
- Issue Display:
- Volume 4, Issue 1 (2010)
- Year:
- 2010
- Volume:
- 4
- Issue:
- 1
- Issue Sort Value:
- 2010-0004-0001-0000
- Page Start:
- 30
- Page End:
- 51
- Publication Date:
- 2010-03-01
- Subjects:
- liability -- honeypots -- botnets -- peer-to-peer -- P2P structured botnets -- modelling -- honeypot detection -- advanced botnet attacks -- computer security -- honeypot traps
Computer security -- Periodicals
Information systems management -- Security measures -- Periodicals
Computer networks -- Security measures -- Periodicals
Information technology -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.inderscience.com/browse/index.php?journalCODE=ijics
http://www.inderscience.com/
- Languages:
- English
- ISSNs:
- 1744-1765
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 8679.xml