Virtual Machine Introspection Based SSH Honeypot

SHCIS '17 Pub Date : 2017-06-19 DOI:10.1145/3099012.3099016
Stewart Sentanoe, Benjamin Taubmann, Hans P. Reiser
{"title":"Virtual Machine Introspection Based SSH Honeypot","authors":"Stewart Sentanoe, Benjamin Taubmann, Hans P. Reiser","doi":"10.1145/3099012.3099016","DOIUrl":null,"url":null,"abstract":"A honeypot provides information about the new attack and exploitation methods and allows analyzing the adversary's activities during or after exploitation. One way of an adversary to communicate with a server is via secure shell (SSH). SSH provides secure login, file transfer, X11 forwarding, and TCP/IP connections over untrusted networks. SSH is a preferred target for attacks, as it is frequently used with password-based authentication, and weak passwords are easily exploited using brute-force attacks.\n In this paper, we introduce a Virtual Machine Introspection based SSH honeypot. We discuss the design of the system and how to extract valuable information such as the credential used by the attacker and the entered commands. Our experiments show that the system is able to detect the adversary's activities during and after exploitation, and it has advantages compared to currently used SSH honeypot approaches.","PeriodicalId":269698,"journal":{"name":"SHCIS '17","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"SHCIS '17","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3099012.3099016","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 12

Abstract

A honeypot provides information about the new attack and exploitation methods and allows analyzing the adversary's activities during or after exploitation. One way of an adversary to communicate with a server is via secure shell (SSH). SSH provides secure login, file transfer, X11 forwarding, and TCP/IP connections over untrusted networks. SSH is a preferred target for attacks, as it is frequently used with password-based authentication, and weak passwords are easily exploited using brute-force attacks. In this paper, we introduce a Virtual Machine Introspection based SSH honeypot. We discuss the design of the system and how to extract valuable information such as the credential used by the attacker and the entered commands. Our experiments show that the system is able to detect the adversary's activities during and after exploitation, and it has advantages compared to currently used SSH honeypot approaches.
基于SSH蜜罐的虚拟机自省
蜜罐提供有关新的攻击和利用方法的信息,并允许在利用期间或之后分析对手的活动。攻击者与服务器通信的一种方式是通过安全外壳(SSH)。SSH在不受信任的网络上提供安全登录、文件传输、X11转发和TCP/IP连接。SSH是攻击的首选目标,因为它经常与基于密码的身份验证一起使用,而弱密码很容易被暴力攻击利用。本文介绍了一种基于虚拟机自省的SSH蜜罐。我们讨论了系统的设计以及如何提取有价值的信息,如攻击者使用的凭据和输入的命令。我们的实验表明,该系统能够在攻击期间和攻击后检测到对手的活动,与目前使用的SSH蜜罐方法相比,它具有优势。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信