Martin Valicek, Gregor Schramm, Martin Pirker, S. Schrittwieser
{"title":"远程高交互蜜罐的创建与集成","authors":"Martin Valicek, Gregor Schramm, Martin Pirker, S. Schrittwieser","doi":"10.1109/ICSSA.2017.21","DOIUrl":null,"url":null,"abstract":"The internet connects an uncountable number of users and their devices, no one has a global overview anymore. This state of constant chaos poses the problem of detecting novel, previously unknown attacks and attackers, and therefore requires creative strategies to detect and study them as early as possible. One approach is the use of honeypots to bait attacks into separate, dedicated systems and study them there. This paper explores the construction of high-interaction honeypots based on Docker containers, both for Windows and Linux operating systems. A core challenge is the transparent integration of honeypots into an existing company's network, although they are located off-site and not directly on a company's premises. We report practical prototyping experiences with Linux and Windows as container hosts for a diverse set of services and the limits we encountered in current software versions as they impede our effort.","PeriodicalId":307280,"journal":{"name":"2017 International Conference on Software Security and Assurance (ICSSA)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Creation and Integration of Remote High Interaction Honeypots\",\"authors\":\"Martin Valicek, Gregor Schramm, Martin Pirker, S. Schrittwieser\",\"doi\":\"10.1109/ICSSA.2017.21\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The internet connects an uncountable number of users and their devices, no one has a global overview anymore. This state of constant chaos poses the problem of detecting novel, previously unknown attacks and attackers, and therefore requires creative strategies to detect and study them as early as possible. One approach is the use of honeypots to bait attacks into separate, dedicated systems and study them there. This paper explores the construction of high-interaction honeypots based on Docker containers, both for Windows and Linux operating systems. A core challenge is the transparent integration of honeypots into an existing company's network, although they are located off-site and not directly on a company's premises. We report practical prototyping experiences with Linux and Windows as container hosts for a diverse set of services and the limits we encountered in current software versions as they impede our effort.\",\"PeriodicalId\":307280,\"journal\":{\"name\":\"2017 International Conference on Software Security and Assurance (ICSSA)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-07-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 International Conference on Software Security and Assurance (ICSSA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSSA.2017.21\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Software Security and Assurance (ICSSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSSA.2017.21","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Creation and Integration of Remote High Interaction Honeypots
The internet connects an uncountable number of users and their devices, no one has a global overview anymore. This state of constant chaos poses the problem of detecting novel, previously unknown attacks and attackers, and therefore requires creative strategies to detect and study them as early as possible. One approach is the use of honeypots to bait attacks into separate, dedicated systems and study them there. This paper explores the construction of high-interaction honeypots based on Docker containers, both for Windows and Linux operating systems. A core challenge is the transparent integration of honeypots into an existing company's network, although they are located off-site and not directly on a company's premises. We report practical prototyping experiences with Linux and Windows as container hosts for a diverse set of services and the limits we encountered in current software versions as they impede our effort.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
