{"title":"An Improved Honeypot Model for Attack Detection and Analysis","authors":"Marwan Abbas-Escribano, Hervé Debar","doi":"10.1145/3600160.3604993","DOIUrl":null,"url":null,"abstract":"This paper presents a new model and design for honeypots, and the results obtained from the implementation and exposure on the internet of a high-interaction honeypot. We show that our model can allow higher interaction with attackers while preserving integrity and attractiveness. In our work, we use threat analysis based on the MITRE ATT&CK taxonomy to describe the design and supervision constraints of our honeypot with its situation in our implemented architecture. We exposed our infrastructure for seventeen days and collected information about several actors and attack methods, from which we extracted previously undocumented Indicators of Compromise.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3600160.3604993","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An Improved Honeypot Model for Attack Detection and Analysis
This paper presents a new model and design for honeypots, and the results obtained from the implementation and exposure on the internet of a high-interaction honeypot. We show that our model can allow higher interaction with attackers while preserving integrity and attractiveness. In our work, we use threat analysis based on the MITRE ATT&CK taxonomy to describe the design and supervision constraints of our honeypot with its situation in our implemented architecture. We exposed our infrastructure for seventeen days and collected information about several actors and attack methods, from which we extracted previously undocumented Indicators of Compromise.