Real-Time emulation of intrusion victim in honeyfarm

Xing Yun He; Kwok Yan Lam; Siu Leung Chung; Hung Chi; Jia Guang Sun

doi:10.1007/978-3-540-30483-8_18

Real-Time emulation of intrusion victim in honeyfarm

Xing Yun He, Kwok Yan Lam, Siu Leung Chung, Hung Chi, Jia Guang Sun

Hong Kong Metropolitan University

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

2 Citations (Scopus)

Abstract

Security becomes increasingly important. However, existing security tools, almost all defensive, have many vulnerabilities which are hard to overcome because of the lack of information about hackers techniques or powerful tools to distinguish malicious traffic from the huge volume of production traffic. Although honeypots mainly aim at collecting information about hackers' behaviors, they are not very effective in that honeypot implementers tend to block or limit hackers' outbound connections to avoid harming non-honeypot systems, thus making honeypots easy to be fingerprinted. Additionally, the main concern is that if hackers were allowed outbound connections, they may attack the actual servers thus the honeypot could become a facilitator of the hacking crime. In this paper we present a new method to real-time emulate intrusion victims in a honeyfarm. When hackers request outbound connections, they are redirected to the intrusion victims which emulate the real targets. This method provides hackers with a less suspicious environment and reduces the risk of harming other systems.

Original language	English
Title of host publication	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Editors	Chi-Hung Chi, Kwok-Yan Lam
Pages	143-154
Number of pages	12
DOIs	https://doi.org/10.1007/978-3-540-30483-8_18
Publication status	Published - 2004

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	3309
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Keywords

Honeypot
Interception proxy
Intrusion
Reverse firewall

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/978-3-540-30483-8_18

Cite this

He, X. Y., Lam, K. Y., Chung, S. L., Chi, H., & Sun, J. G. (2004). Real-Time emulation of intrusion victim in honeyfarm. In C.-H. Chi, & K.-Y. Lam (Eds.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 143-154). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3309). https://doi.org/10.1007/978-3-540-30483-8_18

He, Xing Yun ; Lam, Kwok Yan ; Chung, Siu Leung et al. / Real-Time emulation of intrusion victim in honeyfarm. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). editor / Chi-Hung Chi ; Kwok-Yan Lam. 2004. pp. 143-154 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inbook{6180398422bf446d9a7e95a02cb58fd0,

title = "Real-Time emulation of intrusion victim in honeyfarm",

abstract = "Security becomes increasingly important. However, existing security tools, almost all defensive, have many vulnerabilities which are hard to overcome because of the lack of information about hackers techniques or powerful tools to distinguish malicious traffic from the huge volume of production traffic. Although honeypots mainly aim at collecting information about hackers' behaviors, they are not very effective in that honeypot implementers tend to block or limit hackers' outbound connections to avoid harming non-honeypot systems, thus making honeypots easy to be fingerprinted. Additionally, the main concern is that if hackers were allowed outbound connections, they may attack the actual servers thus the honeypot could become a facilitator of the hacking crime. In this paper we present a new method to real-time emulate intrusion victims in a honeyfarm. When hackers request outbound connections, they are redirected to the intrusion victims which emulate the real targets. This method provides hackers with a less suspicious environment and reduces the risk of harming other systems.",

keywords = "Honeypot, Interception proxy, Intrusion, Reverse firewall",

author = "He, {Xing Yun} and Lam, {Kwok Yan} and Chung, {Siu Leung} and Hung Chi and Sun, {Jia Guang}",

year = "2004",

doi = "10.1007/978-3-540-30483-8_18",

language = "English",

isbn = "3540238980",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "143--154",

editor = "Chi-Hung Chi and Kwok-Yan Lam",

booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

He, XY, Lam, KY, Chung, SL, Chi, H & Sun, JG 2004, Real-Time emulation of intrusion victim in honeyfarm. in C-H Chi & K-Y Lam (eds), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3309, pp. 143-154. https://doi.org/10.1007/978-3-540-30483-8_18

Real-Time emulation of intrusion victim in honeyfarm. / He, Xing Yun; Lam, Kwok Yan; Chung, Siu Leung et al.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). ed. / Chi-Hung Chi; Kwok-Yan Lam. 2004. p. 143-154 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3309).

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

TY - CHAP

T1 - Real-Time emulation of intrusion victim in honeyfarm

AU - He, Xing Yun

AU - Lam, Kwok Yan

AU - Chung, Siu Leung

AU - Chi, Hung

AU - Sun, Jia Guang

PY - 2004

Y1 - 2004

N2 - Security becomes increasingly important. However, existing security tools, almost all defensive, have many vulnerabilities which are hard to overcome because of the lack of information about hackers techniques or powerful tools to distinguish malicious traffic from the huge volume of production traffic. Although honeypots mainly aim at collecting information about hackers' behaviors, they are not very effective in that honeypot implementers tend to block or limit hackers' outbound connections to avoid harming non-honeypot systems, thus making honeypots easy to be fingerprinted. Additionally, the main concern is that if hackers were allowed outbound connections, they may attack the actual servers thus the honeypot could become a facilitator of the hacking crime. In this paper we present a new method to real-time emulate intrusion victims in a honeyfarm. When hackers request outbound connections, they are redirected to the intrusion victims which emulate the real targets. This method provides hackers with a less suspicious environment and reduces the risk of harming other systems.

AB - Security becomes increasingly important. However, existing security tools, almost all defensive, have many vulnerabilities which are hard to overcome because of the lack of information about hackers techniques or powerful tools to distinguish malicious traffic from the huge volume of production traffic. Although honeypots mainly aim at collecting information about hackers' behaviors, they are not very effective in that honeypot implementers tend to block or limit hackers' outbound connections to avoid harming non-honeypot systems, thus making honeypots easy to be fingerprinted. Additionally, the main concern is that if hackers were allowed outbound connections, they may attack the actual servers thus the honeypot could become a facilitator of the hacking crime. In this paper we present a new method to real-time emulate intrusion victims in a honeyfarm. When hackers request outbound connections, they are redirected to the intrusion victims which emulate the real targets. This method provides hackers with a less suspicious environment and reduces the risk of harming other systems.

KW - Honeypot

KW - Interception proxy

KW - Intrusion

KW - Reverse firewall

UR - http://www.scopus.com/inward/record.url?scp=35048896535&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-30483-8_18

DO - 10.1007/978-3-540-30483-8_18

M3 - Chapter

AN - SCOPUS:35048896535

SN - 3540238980

SN - 9783540238980

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 143

EP - 154

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

A2 - Chi, Chi-Hung

A2 - Lam, Kwok-Yan

ER -

He XY, Lam KY, Chung SL, Chi H, Sun JG. Real-Time emulation of intrusion victim in honeyfarm. In Chi CH, Lam KY, editors, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2004. p. 143-154. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-30483-8_18

Real-Time emulation of intrusion victim in honeyfarm

Abstract

Publication series

Keywords

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this