Honeypot Forensics Part I: Analyzing the Network

Published: 01 July 2004

Abstract

A major goal of honeypot research is to improve our knowledge of blackhats from two perspectives: technical and ethnological. For the former, we want new ways to discover rootkits, trojans, and potential zero-day exploits (although capturing zero-day exploits in a honeypot is an unusual event). For the latter, we want a better understanding of the areas of interest and hidden links between blackhat teams. One way to achieve these goals is to increase the verbosity of our honeypot logs and traces; the most common tools for doing this are Sebek (http://project.honeynet.org/tools/sebek/) for system events and Snort (www.snort.org) for network activity. Unfortunately, there is no easy way to correlate information from these sources, which complicates honeypot forensics.


Published In

IEEE Security and Privacy, Volume 2, Issue 4
July 2004
78 pages

Publisher

IEEE Educational Activities Department

United States

Author Tags

  1. 65
  2. blackhat
  3. honeynets
  4. honeypots

Qualifiers

  • Discussion

Article Metrics

  • Downloads (last 12 months): 0
  • Downloads (last 6 weeks): 0

Reflects downloads up to 28 Dec 2024


Cited By

  • (2018) HIoTPOT. Wireless Personal Communications: An International Journal, 103:2, pp. 1179-1194. doi:10.1007/s11277-018-5307-3. Online publication date: 1 Nov 2018.
  • (2008) Packet-based context aware system to determine information system user's context. Expert Systems with Applications: An International Journal, 35:1-2, pp. 286-300. doi:10.1016/j.eswa.2007.06.033. Online publication date: 1 Jul 2008.
  • (2007) Internet forensics on the basis of evidence gathering with Peep attacks. Computer Standards & Interfaces, 29:4, pp. 423-429. doi:10.1016/j.csi.2006.06.005. Online publication date: 1 May 2007.
  • (2006) A hybrid honeypot framework for improving intrusion detection systems in protecting organizational networks. Computers and Security, 25:4, pp. 274-288. doi:10.1016/j.cose.2006.02.009. Online publication date: 1 Jun 2006.
  • (2004) Honeypot Forensics, Part II. IEEE Security and Privacy, 2:5, pp. 77-80. doi:10.1109/MSP.2004.70. Online publication date: 1 Sep 2004.
