A Comparison of Record and Play Honeypot Designs - UTU Tutkimustietojärjestelmä

A4 Vertaisarvioitu artikkeli konferenssijulkaisussa

A Comparison of Record and Play Honeypot Designs

Tekijät: Papalitsas Jarko, Rauti Sampsa, Leppänen Ville

Toimittaja: Rachev Boris, Smrikarov Angel

Konferenssin vakiintunut nimi: International Conference on Computer Systems and Technologies

Kustannuspaikka: New York

Julkaisuvuosi: 2017

Kokoomateoksen nimi: Proceedings of the 18th International Conference on Computer Systems and Technologies

Sarjan nimi: ACM International Conference Proceedings Series

Numero sarjassa: 1369

Aloitussivu: 133

Lopetussivu: 140

Sivujen määrä: 8

ISBN: 978-1-4503-5234-5

DOI: https://doi.org/10.1145/3134302.3134307

Verkko-osoite: https://dl.acm.org/citation.cfm?doid=3134302.3134307

Rinnakkaistallenteen osoite: https://research.utu.fi/converis/portal/detail/Publication/28531838

Tiivistelmä

Record and play -honeypots mimic the normal TCP traffic and fool the adversary with fake data
while simultaneously keeping the setting realistic. In this paper, we propose several designs for such honeypots.
Two important aspects of honeypot design are considered. First, we compare named entity recognition systems
in order to recognize the entities in the messages the honeypot modifies. Second, we consider methods to
fake these entities consistently. Pros and cons of each approach – varying from the better accuracy of the fake
responses to the possibility of causing side effects on the real services – are discussed.

Ladattava julkaisu

This is an electronic reprint of the original article.
This reprint may differ from the original in pagination and typographic detail. Please cite the original version.

Comparison_of_Record_and_Play_Honeypot_Implementations31032017.pdf