B.Hive: A Zero Configuration Forms Honeypot for Productive Web Applications

Abstract: Honeypots are used in IT Security to detect and gather information about ongoing intrusions by presenting an interactive system as an attractive target to an attacker. They log all actions of an attacker for further analysis. The longer an attacker interacts with a honeypot, the more valuable information about the attack can be collected. Thus, it should be one of the main goals of a honeypot to stay unnoticed as long as possible. Also, a honeypot should appear to be a valuable target system to motivate attackers to attack the honeypot. This paper presents a novel honeypot concept (B.Hive) that fulfills both requirements: it protects existing web applications in productive use, hence offering an attractive attack target, and it uses a novel technique to conceal the honeypot components such that it is hard to detect the honeypot even by manual inspection. B.Hive does not need configuration or changes of existing web applications, it is web framework agnostic, and it only has a slight impact on the performance of the web application it protects. The evaluation shows that B.Hive can be used to protect the majority of the 10,000 most popular web sites (based on the Alexa Global Top 10,000 list), and that the honeypot cannot be identified by humans.
Document type: Conference paper
Hannes Federrath; Dieter Gollmann. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. IFIP Advances in Information and Communication Technology, AICT-455, pp.267-280, 2015, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-18467-8_18〉

Cited literature [10 references]

https://hal.inria.fr/hal-01345113
Contributor: Hal Ifip
Submitted on: Wednesday, 13 July 2016 - 11:02:23
Last modified on: Wednesday, 13 July 2016 - 11:18:42

File

337885_1_En_18_Chapter.pdf
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Christoph Pohl, Alf Zugenmaier, Michael Meier, Hans-Joachim Hof. B.Hive: A Zero Configuration Forms Honeypot for Productive Web Applications. Hannes Federrath; Dieter Gollmann. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. IFIP Advances in Information and Communication Technology, AICT-455, pp.267-280, 2015, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-18467-8_18〉. 〈hal-01345113〉
