记录和播放蜜罐设计的比较

Proceedings of the 18th International Conference on Computer Systems and Technologies Pub Date : 2017-06-23 DOI:10.1145/3134302.3134307

Jarko Papalitsas, Sampsa Rauti, V. Leppänen

{"title":"记录和播放蜜罐设计的比较","authors":"Jarko Papalitsas, Sampsa Rauti, V. Leppänen","doi":"10.1145/3134302.3134307","DOIUrl":null,"url":null,"abstract":"Record and play -honeypots mimic normal TCP traffic and fool the adversary with fake data while simultaneously keeping the setting realistic. ln this paper, we propose several designs for such honeypots. Two important aspects of honeypot design are considered. First, we compare named entity recognition systems in order to recognize the entities in the messages the honeypot modifies. Second, we consider methods to fake these entities consistently. Pros and cons of each approach -- varying from the better accuracy of the fake responses to the possibility of causing side effects on the real services -- are discussed.","PeriodicalId":131196,"journal":{"name":"Proceedings of the 18th International Conference on Computer Systems and Technologies","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"A Comparison of Record and Play Honeypot Designs\",\"authors\":\"Jarko Papalitsas, Sampsa Rauti, V. Leppänen\",\"doi\":\"10.1145/3134302.3134307\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Record and play -honeypots mimic normal TCP traffic and fool the adversary with fake data while simultaneously keeping the setting realistic. ln this paper, we propose several designs for such honeypots. Two important aspects of honeypot design are considered. First, we compare named entity recognition systems in order to recognize the entities in the messages the honeypot modifies. Second, we consider methods to fake these entities consistently. Pros and cons of each approach -- varying from the better accuracy of the fake responses to the possibility of causing side effects on the real services -- are discussed.\",\"PeriodicalId\":131196,\"journal\":{\"name\":\"Proceedings of the 18th International Conference on Computer Systems and Technologies\",\"volume\":\"6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 18th International Conference on Computer Systems and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3134302.3134307\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th International Conference on Computer Systems and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3134302.3134307","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

记录和播放-蜜罐模拟正常的TCP通信和欺骗对手与假数据，同时保持设置的真实性。在本文中，我们提出了这种蜜罐的几种设计。考虑了蜜罐设计的两个重要方面。首先，我们比较了命名实体识别系统，以便识别蜜罐修改的消息中的实体。其次，我们考虑一致地伪造这些实体的方法。讨论了每种方法的优缺点——从虚假响应的更高准确性到对真实服务造成副作用的可能性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Comparison of Record and Play Honeypot Designs

Record and play -honeypots mimic normal TCP traffic and fool the adversary with fake data while simultaneously keeping the setting realistic. ln this paper, we propose several designs for such honeypots. Two important aspects of honeypot design are considered. First, we compare named entity recognition systems in order to recognize the entities in the messages the honeypot modifies. Second, we consider methods to fake these entities consistently. Pros and cons of each approach -- varying from the better accuracy of the fake responses to the possibility of causing side effects on the real services -- are discussed.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 18th International Conference on Computer Systems and Technologies

自引率

0.00%

发文量