Stewart Sentanoe, Benjamin Taubmann, Hans P. Reiser
{"title":"基于SSH蜜罐的虚拟机自省","authors":"Stewart Sentanoe, Benjamin Taubmann, Hans P. Reiser","doi":"10.1145/3099012.3099016","DOIUrl":null,"url":null,"abstract":"A honeypot provides information about the new attack and exploitation methods and allows analyzing the adversary's activities during or after exploitation. One way of an adversary to communicate with a server is via secure shell (SSH). SSH provides secure login, file transfer, X11 forwarding, and TCP/IP connections over untrusted networks. SSH is a preferred target for attacks, as it is frequently used with password-based authentication, and weak passwords are easily exploited using brute-force attacks.\n In this paper, we introduce a Virtual Machine Introspection based SSH honeypot. We discuss the design of the system and how to extract valuable information such as the credential used by the attacker and the entered commands. Our experiments show that the system is able to detect the adversary's activities during and after exploitation, and it has advantages compared to currently used SSH honeypot approaches.","PeriodicalId":269698,"journal":{"name":"SHCIS '17","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Virtual Machine Introspection Based SSH Honeypot\",\"authors\":\"Stewart Sentanoe, Benjamin Taubmann, Hans P. Reiser\",\"doi\":\"10.1145/3099012.3099016\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A honeypot provides information about the new attack and exploitation methods and allows analyzing the adversary's activities during or after exploitation. One way of an adversary to communicate with a server is via secure shell (SSH). SSH provides secure login, file transfer, X11 forwarding, and TCP/IP connections over untrusted networks. SSH is a preferred target for attacks, as it is frequently used with password-based authentication, and weak passwords are easily exploited using brute-force attacks.\\n In this paper, we introduce a Virtual Machine Introspection based SSH honeypot. We discuss the design of the system and how to extract valuable information such as the credential used by the attacker and the entered commands. Our experiments show that the system is able to detect the adversary's activities during and after exploitation, and it has advantages compared to currently used SSH honeypot approaches.\",\"PeriodicalId\":269698,\"journal\":{\"name\":\"SHCIS '17\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"SHCIS '17\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3099012.3099016\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"SHCIS '17","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3099012.3099016","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A honeypot provides information about the new attack and exploitation methods and allows analyzing the adversary's activities during or after exploitation. One way of an adversary to communicate with a server is via secure shell (SSH). SSH provides secure login, file transfer, X11 forwarding, and TCP/IP connections over untrusted networks. SSH is a preferred target for attacks, as it is frequently used with password-based authentication, and weak passwords are easily exploited using brute-force attacks.
In this paper, we introduce a Virtual Machine Introspection based SSH honeypot. We discuss the design of the system and how to extract valuable information such as the credential used by the attacker and the entered commands. Our experiments show that the system is able to detect the adversary's activities during and after exploitation, and it has advantages compared to currently used SSH honeypot approaches.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
