Please use this identifier to cite or link to this item:
https://idr.nitk.ac.in/jspui/handle/123456789/8024
Title: | Emulating a High Interaction Honeypot to Monitor Intrusion Activity |
Authors: | Gopalakrishna, A. Pais, A.R. |
Issue Date: | 2013 |
Citation: | Communications in Computer and Information Science, 2013, Vol.377 CCIS, , pp.70-76 |
Abstract: | Intrusion activity monitoring is a complex task to achieve. An intruder should not be alerted about being monitored. A stealthy approach is needed, that does not alert the intruder about the presence of monitoring. Virtual Machine based High Interaction Honeypots help achieve stealthy monitoring. Most of the related research work use the concept of Virtual Machine Introspection that relies on System Call Interception. However most of these methods hook the sysenter instruction for interception of system calls. This can be defeated by an intruder since this is not the only way of making a system call. We have designed and implemented a High-Interaction Virtual Machine based honeypot using the open source tool Qebek. Qebek is more effective as it hooks the actual system call implementation itself. We have tested its capturability by running different types of malware. The Results obtained show that the system is able to capture information about processes running on the honeypot, console data and network activities, which reveal the maliciousness of the activities. � Springer-Verlag Berlin Heidelberg 2013. |
URI: | http://idr.nitk.ac.in/jspui/handle/123456789/8024 |
Appears in Collections: | 2. Conference Papers |
Files in This Item:
There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.