HoneyC - The low-interaction client honeypot

Seifert, Christian, Welch, Ian and Komisarczuk, Peter (2006) HoneyC - The low-interaction client honeypot. Technical Report. University of Wellington.

Full text not available from this repository.

Abstract

Client honeypots crawl the Internet to find and identify servers that exploit client-side vulnerabilities. Traditionally, these servers are identified by the client honeypot monitoring state changes that result
from a server interaction. These, so called high-interaction, client honeypots are slow and expensive to operate because they require an entire operating system to be hosted. We have developed a componentbased low-interaction client honeypot that emulates only the essential features of our target clients and that applies signature matching to allow fast static analysis of server responses. Performance measurements of a prototype implementation targeting clients using the HTTP 1.1 protocol indicate that low-interaction client honeypots are faster and cheaper than high-interaction client honeypots. The difference in false negatives
suggests that these technologies may be complementary rather than competitive in nature.

Item Type: Report (Technical Report)
Uncontrolled Keywords: Security, Client Honeypots, Intrusion Detection
Subjects: Computing
Depositing User: Vani Aul
Date Deposited: 21 Mar 2014 16:18
Last Modified: 18 May 2017 09:58
URI: http://repository.uwl.ac.uk/id/eprint/843

Actions (login required)

View Item View Item

Menu