Skip to Main content Skip to Navigation
Conference papers

B.Hive: A Zero Configuration Forms Honeypot for Productive Web Applications

Abstract : Honeypots are used in IT Security to detect and gather information about ongoing intrusions by presenting an interactive system as attractive target to an attacker. They log all actions of an attacker for further analysis. The longer an attacker interacts with a honeypot, the more valuable information about the attack can be collected. Thus, it should be one of the main goals of a honeypot to stay unnoticed as long as possible. Also, a honeypot should appear to be a valuable target system to motivate attackers to attacks the honeypot. This paper presents a novel honeypot concept (B.Hive) that fulfills both requirements: it protects existing web application in productive use, hence offering an attractive attack target, and it uses a novel technique to conceal the honeypot components such that it is hard to detect the honeypot even by manual inspection. B.Hive does not need configuration or changes of existing web applications, it is web framework agnostic, and it only has a slight impact on the performance of the web application it protects. The evaluation shows that B.Hive can be used to protect the majority of the 10,000 most popular web sites (based on the Alexia Global Top 10,000 list), and that the honeypot cannot be identified by humans.
Document type :
Conference papers
Complete list of metadatas

Cited literature [10 references]  Display  Hide  Download

https://hal.inria.fr/hal-01345113
Contributor : Hal Ifip <>
Submitted on : Wednesday, July 13, 2016 - 11:02:23 AM
Last modification on : Wednesday, June 17, 2020 - 11:20:19 AM

File

337885_1_En_18_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Christoph Pohl, Alf Zugenmaier, Michael Meier, Hans-Joachim Hof. B.Hive: A Zero Configuration Forms Honeypot for Productive Web Applications. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. pp.267-280, ⟨10.1007/978-3-319-18467-8_18⟩. ⟨hal-01345113⟩

Share

Metrics

Record views

242

Files downloads

425