Wa0005
Presented By :
Sparsh Thakur
1603617051
ECE (6th)
Introduction
• A honeypot is a trap set to detect, deflect, or in some manner counteract
attempts at unauthorized use of information systems.
• Honeypots are a highly flexible security tool with different applications for
security. They don't fix a single problem. Instead they have multiple uses,
such as prevention, detection, or information gathering.
• Goals
  • Should look as real as possible!
  • Should be monitored to see if it's being used to launch a massive attack on other systems
  • Should include files that are of interest to the hacker
Classification
By level of interaction
• High
• Low
By Implementation
• Virtual
• Physical
By Purpose
• Production
• Research
Literature Review
[1]
Title – The Study of an Attack (Know Your Enemy: A Forensic Analysis)
Year Of Publishing - 2000
Author – Lance Spitzner
Methodology – This paper shows how a honeypot was compromised,
backdoored and eventually used for trinoo attacks.
Advantages – 1) It analyzes the attack
Limitations – 1) It does not work in an offline system
Literature Review
[2]
Title – Honeypots for Distributed Denial of Service Attacks
Year Of Publishing - 2002
Author – Nathalie Weiler
Methodology – In this paper, the authors describe a promising tool for luring
attackers into the belief of a successful DDoS attack. They
show how such a system can be used in a defence-in-depth,
real-world network environment.
Advantages – 1) We can defend our operational network with a high
probability against known DDoS and against new,
future variants
2) We trap the attacker so that recording of the compromise
can help in a legal action against the attacker.
Limitations – 1) The attack must be detectable.
2) The honeypot must be able to simulate the organisation's
network infrastructure, at least the parts known to the
attacker.
Literature Review
[3]
Title – Honeypots: Catching the Insider Threats
Year Of Publishing – 2003, December
Author – Lance Spitzner
Methodology – This paper discusses how honeypots contribute to the early
indication and confirmation of advanced insider threats.
However, they can be eliminated by the combination of
Honeytokens and Honeynet.
Advantages – 1) Their identity can easily be changed.
2) By using the honeytoken tool they become more difficult to
detect
Limitations – 1) The insider threat may not ever use or interact with a
honeypot or honeytoken
2) Honeypots will not work if their identity is known or
discovered by the insider
Literature Review
[4]
Title – Honeycomb: Creating Intrusion Detection Signatures Using
Honeypots
Year Of Publishing - 2004
Authors – Christian Kreibich, Jon Crowcroft
Methodology – The authors present Honeycomb, a system that can
produce NIDS signatures automatically by analyzing traffic
on a honeypot. The system produces good-quality
signatures on a typical end user's Internet connection.
Advantages – 1) No duplication of effort
2) Avoidance of cold-start issues
Limitations – 1) For now it does not work efficiently with high traffic
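The idea behind deriving NIDS signatures from honeypot traffic, as an added example that is not taken from the slides or from the Honeycomb authors: because a honeypot has no legitimate users, a byte sequence that recurs in payloads from different sources is a candidate signature. The sketch uses a plain dynamic-programming longest common substring; the flows, the function names, the `min_len` threshold and the `sid` value are all constructed assumptions.

```python
from itertools import combinations

# Constructed sample flows (src_ip, dst_port, payload); not real captures.
FLOWS = [
    ("192.0.2.10", 80,
     b"GET /a.php?x=1 HTTP/1.0\r\nUser-Agent: scanbot-demo/0.1\r\n\r\n"),
    ("198.51.100.7", 80,
     b"GET /index.html HTTP/1.0\r\nUser-Agent: scanbot-demo/0.1\r\n\r\n"),
    ("203.0.113.5", 22, b"SSH-2.0-demo-client\r\n"),
]

def longest_common_substring(a: bytes, b: bytes) -> bytes:
    """O(len(a)*len(b)) dynamic programme keeping only the previous row."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]

def candidate_signatures(flows, min_len=8):
    """Map (port, pattern) -> sources, for payloads sent to the same port
    by different sources that share at least min_len contiguous bytes."""
    sigs = {}
    for (s1, p1, d1), (s2, p2, d2) in combinations(flows, 2):
        if p1 != p2 or s1 == s2:
            continue
        common = longest_common_substring(d1, d2)
        if len(common) >= min_len:
            sigs.setdefault((p1, common), set()).update({s1, s2})
    return sigs

def to_rule(port, pattern, sid):
    """Render a pattern as a Snort-style rule with hex-encoded content."""
    hexbytes = " ".join(f"{b:02x}" for b in pattern)
    return (f"alert tcp any any -> any {port} "
            f'(msg:"honeypot-derived pattern"; content:"|{hexbytes}|"; sid:{sid};)')

if __name__ == "__main__":
    for n, ((port, pat), srcs) in enumerate(candidate_signatures(FLOWS).items()):
        print(sorted(srcs), to_rule(port, pat, 1000001 + n))
```

The pairwise comparison is quadratic in both the number of flows and the payload length, which illustrates why the high-traffic limitation listed above matters for this kind of approach.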
Literature Review
[5]
Title – Detecting Honeypots and other suspicious environments
Year Of Publishing – 2005
Authors – Thorsten Holz, Frederic Raynal
Methodology – The article aims at showing the limitation of current
honeypot-based research.
Comparison
S.No | Title                                   | Year of Publishing | Authors         | Methodology                         | Future Work
1    | The Study of an Attack                  | 2000               | Lance Spitzner  | Compromised using forensic analysis | NIL
2    | Honeypots for DDoS Attacks              | 2002               | Nathalie Weiler | Elimination of DDoS attacks         | NIL
3    | Honeypots: Catching the Insider Threats | 2003               | Lance Spitzner  | Elimination of insider threats.     | Introduction to Adaptive Honeytoken