This book discusses about honeypot from history to present. The way authors added various case studies (including use of honeypot as savior) in chapters is admirable. The list of references for each chapter is also good way for the readers to easily locate the source of information. I suggest to add the further finding topic for each chapter in the future versions of books specially for researc...

Honeypots are closely monitored network decoys serving several purposes: they can distract adversaries from more valuable machines on a network, they can provide early warning about new attack and exploitation trends and they allow in-depth examination of adversaries during and after exploitation of a honeypot. Deploying physical honeypots is often time intensive and expensive as different oper...

Traditional honeypots listen to unused IP address space waiting for attackers to contact them. Shadow honeypots present another perspective; they demonstrate how honeypots can be coupled with production systems to enhance their security. Based on the observation that attack traffic is considerably less than normal traffic, shadow honeypots propose to use an anomaly detection system (ADS) as a f...

We present an automated, scalable, method for crafting dynamic responses to real-time network requests. Specifically, we provide a flexible technique based on natural language processing and string alignment techniques for intelligently interacting with protocols trained directly from raw network traffic. We demonstrate the utility of our approach by creating a low-interaction webbased honeypot...

Intrusion Detection Systems and Prevention are used to detect prevent attacks/malware from entering the network/system. Honeypot is a type of System which find intruder, study intruder access original system. It necessary build strong honeypot because if it compromised, system can be easily targeted by attacker. To overcome such challenges an efficient needed that shut attacker after extracting...

Honeypots are designed to investigate malicious behaviour. Each type of homogeneous honeypot system has its own characteristics in respect of specific security functionality, and also suffers functional drawbacks that restrict its application scenario. In practical scenarios, therefore, security researchers always need to apply heterogeneous honeypots to cope with different attacks. However, th...

With the rising number of cyber threats in communication networks, there is a demand for attack analysis and the identification of new threats. Honeypots, tools for attack analysis and zero-day exploit discovery, are passive in waiting for an attacker. This paper proposes a novel approach to the effective utilization of honeypots based on cooperation between honeypots and the network in which t...

Honeypots are decoys designed to trap attackers. Once deployed, we can use honeypots to log an attacker’s activities, analyze its behavior and design new approaches to defend against it. A virtual honeypot can emulate multiple honeypots on one physical machine, and so provide great flexibility in representing one or more networks of machines. In order to operate effectively, a honeypot needs to...

This paper presents an architecture for the characterization and the classification of activities occurring in a computer. These activities are considered from a system point of view, currently dealing with information coming from SELinux system logs. Starting from system events, and following an incremental approach, this paper shows how to characterize high-level and macro activities occuring...