{"title":"ScriptGen: an automated script generation tool for Honeyd","authors":"Corrado Leita, Ken Mermoud, M. Dacier","doi":"10.1109/CSAC.2005.49","DOIUrl":null,"url":null,"abstract":"Honeyd (N. Provos, 2004) is a popular tool developed by Niels Provos that offers a simple way to emulate services offered by several machines on a single PC. It is a so called low interaction honeypot. Responses to incoming requests are generated thanks to ad hoc scripts that need to be written by hand. As a result, few scripts exist, especially for services handling proprietary protocols. In this paper, we propose a method to alleviate these problems by automatically generating new scripts. We explain the method and describe its limitations. We analyze the quality of the generated scripts thanks to two different methods. On the one hand, we have launched known attacks against a machine running our scripts; on the other hand, we have deployed that machine on the Internet, next to a high interaction honeypot during two months. For those attackers that have targeted both machines, we can verify if our scripts have, or not, been able to fool them. 
We also discuss the various tuning parameters of the algorithm that can be set to either increase the quality of the script or, at the contrary, to reduce its complexity","PeriodicalId":422994,"journal":{"name":"21st Annual Computer Security Applications Conference (ACSAC'05)","volume":"43 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"192","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"21st Annual Computer Security Applications Conference (ACSAC'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSAC.2005.49","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 192
Abstract
Honeyd (N. Provos, 2004) is a popular tool developed by Niels Provos that offers a simple way to emulate services offered by several machines on a single PC. It is a so-called low-interaction honeypot. Responses to incoming requests are generated by ad hoc scripts that need to be written by hand. As a result, few scripts exist, especially for services handling proprietary protocols. In this paper, we propose a method to alleviate these problems by automatically generating new scripts. We explain the method and describe its limitations. We analyze the quality of the generated scripts using two different methods. On the one hand, we have launched known attacks against a machine running our scripts; on the other hand, we have deployed that machine on the Internet, next to a high-interaction honeypot, for two months. For those attackers that have targeted both machines, we can verify whether or not our scripts have been able to fool them. We also discuss the various tuning parameters of the algorithm that can be set either to increase the quality of the script or, on the contrary, to reduce its complexity.