A honeypot system with honeyword-driven fake interactive sessions

Abstract

Honeypots are an indispensable tool for network and system security as well as for computer forensic investigations. They can be helpful for detecting possible intrusions, as well as for gathering information about their source, attack patterns, final target and purpose. Highly interactive honeypots, are probably the most useful and enlightening ones, since they reveal many information about intruders' behavior and skills, even though the implementation and setup of such tools might require considerable efforts and computational resources. Accordingly we present an architecture for highly interactive honeypots aiming at detecting password-cracking attacks by means of honeywords and leveraging container-based virtualization to provide persistent sessions needed to capture attacker activities.