Skip to Main content Skip to Navigation
Conference papers

B.Hive: A Zero Configuration Forms Honeypot for Productive Web Applications

Abstract : Honeypots are used in IT Security to detect and gather information about ongoing intrusions by presenting an interactive system as attractive target to an attacker. They log all actions of an attacker for further analysis. The longer an attacker interacts with a honeypot, the more valuable information about the attack can be collected. Thus, it should be one of the main goals of a honeypot to stay unnoticed as long as possible. Also, a honeypot should appear to be a valuable target system to motivate attackers to attacks the honeypot. This paper presents a novel honeypot concept (B.Hive) that fulfills both requirements: it protects existing web application in productive use, hence offering an attractive attack target, and it uses a novel technique to conceal the honeypot components such that it is hard to detect the honeypot even by manual inspection. B.Hive does not need configuration or changes of existing web applications, it is web framework agnostic, and it only has a slight impact on the performance of the web application it protects. The evaluation shows that B.Hive can be used to protect the majority of the 10,000 most popular web sites (based on the Alexia Global Top 10,000 list), and that the honeypot cannot be identified by humans.
Document type :
Conference papers
Complete list of metadata

Cited literature [10 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Wednesday, July 13, 2016 - 11:02:23 AM
Last modification on : Tuesday, October 19, 2021 - 12:49:45 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Christoph Pohl, Alf Zugenmaier, Michael Meier, Hans-Joachim Hof. B.Hive: A Zero Configuration Forms Honeypot for Productive Web Applications. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. pp.267-280, ⟨10.1007/978-3-319-18467-8_18⟩. ⟨hal-01345113⟩



Record views


Files downloads