A4 Article in conference proceedings
A Comparison of Record and Play Honeypot Designs

List of Authors: Papalitsas Jarko, Rauti Sampsa, Leppänen Ville
Place: New York
Publication year: 2017
Book title *: Proceedings of the 18th International Conference on Computer Systems and Technologies
Title of series: ACM International Conference Proceedings Series
Number in series: 1369
Number of pages: 8
ISBN: 978-1-4503-5234-5


Record and play -honeypots mimic the normal TCP traffic and fool the adversary with fake data
while simultaneously keeping the setting realistic. In this paper, we propose several designs for such honeypots.
Two important aspects of honeypot design are considered. First, we compare named entity recognition systems
in order to recognize the entities in the messages the honeypot modifies. Second, we consider methods to
fake these entities consistently. Pros and cons of each approach – varying from the better accuracy of the fake
responses to the possibility of causing side effects on the real services – are discussed.

Downloadable publication

This is an electronic reprint of the original article.
This reprint may differ from the original in pagination and typographic detail. Please cite the original version.

Last updated on 2019-29-01 at 14:26