Paper Abstract and Keywords |
Presentation |
2006-05-24 10:50
A Construction Method of a Honeypot System to Safely Collect Unknown Malicious Codes Kenji Ohira, JungSuk Song, Hiroki Takakura, Yasuo Okabe (Kyoto Univ.) IA2006-1 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
It is thought that an attacker tests attack code by sending it to randomly selected nodes on the Internet.
Collecting and analyzing such beta-version attack code is considered effective, especially against 0-day attacks, because it can serve as an attack forecasting system that finds and announces such pre-attack attempts before the attack completes or spreads.
However, we cannot predict which service of a system in operation will be attacked.
It is inappropriate to set up a node that listens on all TCP, UDP and other ports, because port scanning can reveal that the node is a honeypot.
A honeypot is required to dynamically open and close listening ports according to the trend of attacks.
Attack attempts vary widely.
A honeypot must be placed in a filter-free or DMZ environment in order to collect various, and especially new, attack code.
At the same time, access monitoring and log collection must be done in an attack-free environment.
Even if a honeypot falls under an attacker's control, monitoring and log collection must remain secure.
In this paper, we propose a way to construct a safe and portable honeypot system that meets the above requirements by using virtual machines. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
Security / Honeypot / 0-day Attack / Attack Forecasting |
Reference Info. |
IEICE Tech. Rep., vol. 106, no. 62, IA2006-1, pp. 1-6, May 2006. |
Paper # |
IA2006-1 |
Date of Issue |
2006-05-17 (IA) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Conference Information |
Committee |
IA |
Conference Date |
2006-05-24 - 2006-05-24 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Campus Plaza Kyoto |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
Internet, etc. |
Paper Information |
Registration To |
IA |
Conference Code |
2006-05-IA |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
A Construction Method of a Honeypot System to Safely Collect Unknown Malicious Codes |
Keyword(1) |
Security |
Keyword(2) |
Honeypot |
Keyword(3) |
0-day Attack |
Keyword(4) |
Attack Forecasting |
1st Author's Name |
Kenji Ohira |
1st Author's Affiliation |
Kyoto University (Kyoto Univ.) |
2nd Author's Name |
JungSuk Song |
2nd Author's Affiliation |
Kyoto University (Kyoto Univ.) |
3rd Author's Name |
Hiroki Takakura |
3rd Author's Affiliation |
Kyoto University (Kyoto Univ.) |
4th Author's Name |
Yasuo Okabe |
4th Author's Affiliation |
Kyoto University (Kyoto Univ.) |
Speaker |
Author-1 |
Date Time |
2006-05-24 10:50:00 |
Presentation Time |
25 minutes |
Registration for |
IA |
Paper # |
IA2006-1 |
Volume (vol) |
vol.106 |
Number (no) |
no.62 |
Page |
pp.1-6 |
#Pages |
6 |
Date of Issue |
2006-05-17 (IA) |
|