A Comparison of Record and Play Honeypot Designs
Authors: Papalitsas Jarko, Rauti Sampsa, Leppänen Ville
Editors: Rachev Boris, Smrikarov Angel
Conference: International Conference on Computer Systems and Technologies
Place of publication: New York
Year: 2017
Proceedings title: Proceedings of the 18th International Conference on Computer Systems and Technologies
Series: ACM International Conference Proceedings Series
Number in series: 1369
Start page: 133
End page: 140
Number of pages: 8
ISBN: 978-1-4503-5234-5
DOI: https://doi.org/10.1145/3134302.3134307
URL: https://dl.acm.org/citation.cfm?doid=3134302.3134307
Self-archived copy: https://research.utu.fi/converis/portal/detail/Publication/28531838
Record and play honeypots mimic the normal TCP traffic and fool the adversary with fake data
while simultaneously keeping the setting realistic. In this paper, we propose several designs for such honeypots.
Two important aspects of honeypot design are considered. First, we compare named entity recognition systems
in order to recognize the entities in the messages the honeypot modifies. Second, we consider methods to
fake these entities consistently. Pros and cons of each approach – varying from the better accuracy of the fake
responses to the possibility of causing side effects on the real services – are discussed.