Towards an Invisible Honeypot Monitoring System


Nguyen Anh Quynh,

Graduate School of Media and Governance, Keio University


Research Abstract

A honeypot is a decoy system built to trap attackers, and the data capture tool is one of the components of the honeypot architecture. Because it is used to collect the intruder's activities inside the honeypot, this key component must function as stealthily as possible, so that the intruder does not know that he is being watched. Unfortunately Sebek, the de-facto tool for this purpose in modern honeypot technology, is rather easy to detect, even with only unprivileged access rights. We propose deploying the honeypot on the Xen Virtual Machine and taking advantage of the properties Xen introduces to fix some of the outstanding problems of Sebek. We designed and implemented a Xen-based system named Xebek as a solution. While Xebek provides features similar to those of Sebek, our system is more ``invisible'' and harder to defeat. The experimental results also demonstrate that Xebek is more flexible, while its reliability and efficiency are significantly improved over its counterpart.


Research Result

As a result of this research, the Xebek system has been implemented, and we are going to release it under an open source license very soon. We presented a paper about Xebek at an international security conference, and the paper was published in Lecture Notes in Computer Science [1]. We also presented the solution at several international industry conferences [2], [3]. Finally, our research was reported in a Japanese magazine [4].


References

[1] Nguyen Anh Quynh, Yoshiyasu Takefuji. Towards an Invisible Honeypot Monitoring Tool. The 11th Australasian Conference on Information Security and Privacy (ACISP06). Lecture Notes in Computer Science (LNCS 4058). July 2006.

[2] Nguyen Anh Quynh. Towards an Invisible Honeypot Monitoring System. HITB2006 Security Conference. September 2006.

[3] Nguyen Anh Quynh. Towards an Invisible Honeypot Monitoring System. Hack.lu Security Conference. October 2006.

[4] Report on HackInTheBox 2006 Security Conference. Hacker Japan Magazine. January 2007. (Report about my research)