A Comparison of Record and Play Honeypot Designs - UTU Research Portal

A4 Refereed article in a conference publication

A Comparison of Record and Play Honeypot Designs

Authors: Papalitsas Jarko, Rauti Sampsa, Leppänen Ville

Editors: Rachev Boris, Smrikarov Angel

Conference name: International Conference on Computer Systems and Technologies

Publishing place: New York

Publication year: 2017

Book title : Proceedings of the 18th International Conference on Computer Systems and Technologies

Series title: ACM International Conference Proceedings Series

Number in series: 1369

First page : 133

Last page: 140

Number of pages: 8

ISBN: 978-1-4503-5234-5

DOI: https://doi.org/10.1145/3134302.3134307(external)

Web address : https://dl.acm.org/citation.cfm?doid=3134302.3134307(external)

Self-archived copy’s web address: https://research.utu.fi/converis/portal/detail/Publication/28531838(external)

Abstract

Record and play -honeypots mimic the normal TCP traffic and fool the adversary with fake data
while simultaneously keeping the setting realistic. In this paper, we propose several designs for such honeypots.
Two important aspects of honeypot design are considered. First, we compare named entity recognition systems
in order to recognize the entities in the messages the honeypot modifies. Second, we consider methods to
fake these entities consistently. Pros and cons of each approach – varying from the better accuracy of the fake
responses to the possibility of causing side effects on the real services – are discussed.

Downloadable publication

This is an electronic reprint of the original article.
This reprint may differ from the original in pagination and typographic detail. Please cite the original version.

Comparison_of_Record_and_Play_Honeypot_Implementations31032017.pdf