ScriptGen: an automated script generation tool for honeyd

Tucson, Arizona December 05-December 09

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.49

21st Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Corrado Leita Articles by Ken Mermoud Articles by Marc Dacier

	ASCII Text	x
	Corrado Leita, Ken Mermoud, Marc Dacier, "ScriptGen: an automated script generation tool for honeyd," Computer Security Applications Conference, Annual, pp. 203-214, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005.

	BibTex	x
	@article{ 10.1109/CSAC.2005.49, author = {Corrado Leita and Ken Mermoud and Marc Dacier}, title = {ScriptGen: an automated script generation tool for honeyd}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2005}, issn = {1063-9527}, pages = {203-214}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.49}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - ScriptGen: an automated script generation tool for honeyd SN - 1063-9527 SP203 EP214 A1 - Corrado Leita, A1 - Ken Mermoud, A1 - Marc Dacier, PY - 2005 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Corrado Leita, Institut Eurecom Sophia Antipolis, France

Ken Mermoud, Institut Eurecom Sophia Antipolis, France

Marc Dacier, Institut Eurecom Sophia Antipolis, France

Honeyd [14] is a popular tool developed by Niels Provos that offers a simple way to emulate services offered by severalmachines on a single PC. It is a so called low interaction honeypot. Responses to incoming requests are generated thanks to ad-hoc scripts that need to be written by hand. As a result, few scripts exist, especially for services handling proprietary protocols. In this paper, we propose a method to alleviate these problems by automatically generating new scripts. We explain the method and describe its limitations. We analyze the quality of the generated scripts thanks to two different methods. On the one hand, we have launched known attacks against a machine running our scripts; on the other hand, we have deployed that machine on the Internet, next to a high interaction honeypot during two months. For those attackers that have targeted both machines, we can verify if our scripts have, or not, been able to fool them. We also discuss the various tuning parameters of the algorithm that can be set to either increase the quality of the script or, at the contrary, to reduce its complexity.

Citation:

Corrado Leita, Ken Mermoud, Marc Dacier, "ScriptGen: an automated script generation tool for honeyd," acsac, pp.203-214, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.