Testing Deceptive Honeypots

Abstract

Deception can be a useful defensive technique against cyber attacks. It has the advantage of unexpectedness to attackers and offers a variety of tactics. Honeypots are a good tool for deception. They act as decoy computers to confuse attackers and exhaust their time and resources. The objective of this thesis was to test the effectiveness of some honeypot tools in real networks by varying their location and virtualization, and by adding more deception to them. We tested both a web honeypot tool and an SSH honeypot tool. We deployed the web honeypot in both a residential network and at the Naval Postgraduate School network; the NPS honeypot attracted more attackers. Results also showed that the virtual honeypots received attacks from more unique IP addresses, and that adding deception to the web honeypot generated more interest by attackers. For the purpose of comparison, we used examined log files of a legitimate website www.cmand.org. The traffic distributions for the web honeypot and the legitimate website showed similarities, but the SSH honeypot was different. It appears that both honeypot tools are useful for providing intelligence about cyber-attack methods.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2014
Accession Number
ADA620928

Entities

People

  • Aymen Yahyaoui

Organizations

  • Naval Postgraduate School

Tags

DTIC Thesaurus Topics

  • Application Protocols
  • Code Injection
  • Computer Communications
  • Computer Networks
  • Computer Science
  • Computers
  • Cyberattacks
  • Cybersecurity
  • Detection
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Network Architecture
  • Network Protocols
  • Network Topology
  • Operating Systems

Fields of Study

  • Computer science

Readers

  • Cybersecurity.

Technology Areas

  • Cyber