Seventh International Conference on Simulation Tools and Techniques

Research Article

INTERCEPT: High-interaction Server-type Honeypot based on Live Migration

Download567 downloads
  • @INPROCEEDINGS{10.4108/icst.simutools.2014.254849,
        author={Daisuke Miyamoto and Satoru Teramura and Masaya Nakayama},
        title={INTERCEPT: High-interaction Server-type Honeypot based on Live Migration},
        proceedings={Seventh International Conference on Simulation Tools and Techniques},
        publisher={ICST},
        proceedings_a={SIMUTOOLS},
        year={2014},
        month={8},
        keywords={honeypot web application live migration},
        doi={10.4108/icst.simutools.2014.254849}
    }
    
  • Daisuke Miyamoto
    Satoru Teramura
    Masaya Nakayama
    Year: 2014
    INTERCEPT: High-interaction Server-type Honeypot based on Live Migration
    SIMUTOOLS
    ICST
    DOI: 10.4108/icst.simutools.2014.254849
Daisuke Miyamoto1,*, Satoru Teramura1, Masaya Nakayama1
  • 1: The University of Tokyo
*Contact email: daisu-mi@nc.u-tokyo.ac.jp

Abstract

This paper aims at developing a honeypot system for web applications. The key idea is employing migration techniques to create a virtual machine as a honey web server, and making the honeypot to equip the same memory and block content of the real systems. Recently, web applications have been the target of numerous cyber attacks. In order to catch up new vulnerabilities in the applications, using a honeypot system is a feasible solution. However, it might be difficult to develop the lure-able, protect-able, and deception-able honeypot for web applications. This paper analyzes the background issues of the problem and finds the missing piece toward the suitable honeypot. It also designs and implements INTERCEPT, the core component of the honeypot system for web applications, which can avoid the data corruption as well as finishing the migration in short time period. Finally, we discuss how to complete the missing piece.