Research Article
INTERCEPT: High-interaction Server-type Honeypot based on Live Migration
@INPROCEEDINGS{10.4108/icst.simutools.2014.254849, author={Daisuke Miyamoto and Satoru Teramura and Masaya Nakayama}, title={INTERCEPT: High-interaction Server-type Honeypot based on Live Migration}, proceedings={Seventh International Conference on Simulation Tools and Techniques}, publisher={ICST}, proceedings_a={SIMUTOOLS}, year={2014}, month={8}, keywords={honeypot web application live migration}, doi={10.4108/icst.simutools.2014.254849} }
- Daisuke Miyamoto
Satoru Teramura
Masaya Nakayama
Year: 2014
INTERCEPT: High-interaction Server-type Honeypot based on Live Migration
SIMUTOOLS
ICST
DOI: 10.4108/icst.simutools.2014.254849
Abstract
This paper aims at developing a honeypot system for web applications. The key idea is employing migration techniques to create a virtual machine as a honey web server, and making the honeypot to equip the same memory and block content of the real systems. Recently, web applications have been the target of numerous cyber attacks. In order to catch up new vulnerabilities in the applications, using a honeypot system is a feasible solution. However, it might be difficult to develop the lure-able, protect-able, and deception-able honeypot for web applications. This paper analyzes the background issues of the problem and finds the missing piece toward the suitable honeypot. It also designs and implements INTERCEPT, the core component of the honeypot system for web applications, which can avoid the data corruption as well as finishing the migration in short time period. Finally, we discuss how to complete the missing piece.