An Improved Honeypot Model for Attack Detection and Analysis

Marwan Abbas-Escribano; Hervé Debar

doi:10.1145/3600160.3604993

An Improved Honeypot Model for Attack Detection and Analysis

Marwan Abbas-Escribano, Hervé Debar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This paper presents a new model and design for honeypots, and the results obtained the implementation and exposure on the internet of an high interaction honeypot. We show that our model can allow higher interaction with attackers while preserving integrity and attractiveness. In our work, we use threat analysis based on the MITRE ATT&CK taxonomy to describe the design and supervision constraints of our honeypot with it's situation in our implemented architecture. We exposed our infrastructure during seventeen days and collected information about several actors and attack methods, from which we extracted previously undocumented Indicators of Compromise.

Original language	English
Title of host publication	ARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings
Publisher	Association for Computing Machinery
ISBN (Electronic)	9798400707728
DOIs	https://doi.org/10.1145/3600160.3604993
Publication status	Published - 29 Aug 2023
Event	18th International Conference on Availability, Reliability and Security, ARES 2023 - Benevento, Italy Duration: 29 Aug 2023 → 1 Sept 2023

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	18th International Conference on Availability, Reliability and Security, ARES 2023
Country/Territory	Italy
City	Benevento
Period	29/08/23 → 1/09/23

Keywords

Honeypot Deception High Interaction Supervision Analysis Indicator of Compromise MITRE ATT&CK

Access to Document

10.1145/3600160.3604993

Cite this

@inproceedings{5cf84ca2fc2544f9bd628cc97954e937,

title = "An Improved Honeypot Model for Attack Detection and Analysis",

abstract = "This paper presents a new model and design for honeypots, and the results obtained the implementation and exposure on the internet of an high interaction honeypot. We show that our model can allow higher interaction with attackers while preserving integrity and attractiveness. In our work, we use threat analysis based on the MITRE ATT\&CK taxonomy to describe the design and supervision constraints of our honeypot with it's situation in our implemented architecture. We exposed our infrastructure during seventeen days and collected information about several actors and attack methods, from which we extracted previously undocumented Indicators of Compromise.",

keywords = "Honeypot Deception High Interaction Supervision Analysis Indicator of Compromise MITRE ATT\&CK",

author = "Marwan Abbas-Escribano and Herv{\'e} Debar",

note = "Publisher Copyright: {\textcopyright} 2023 ACM.; 18th International Conference on Availability, Reliability and Security, ARES 2023 ; Conference date: 29-08-2023 Through 01-09-2023",

year = "2023",

month = aug,

day = "29",

doi = "10.1145/3600160.3604993",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

booktitle = "ARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings",

}

Abbas-Escribano, M & Debar, H 2023, An Improved Honeypot Model for Attack Detection and Analysis. in ARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings., 142, ACM International Conference Proceeding Series, Association for Computing Machinery, 18th International Conference on Availability, Reliability and Security, ARES 2023, Benevento, Italy, 29/08/23. https://doi.org/10.1145/3600160.3604993

An Improved Honeypot Model for Attack Detection and Analysis. / Abbas-Escribano, Marwan; Debar, Hervé.
ARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings. Association for Computing Machinery, 2023. 142 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An Improved Honeypot Model for Attack Detection and Analysis

AU - Abbas-Escribano, Marwan

AU - Debar, Hervé

PY - 2023/8/29

Y1 - 2023/8/29

N2 - This paper presents a new model and design for honeypots, and the results obtained the implementation and exposure on the internet of an high interaction honeypot. We show that our model can allow higher interaction with attackers while preserving integrity and attractiveness. In our work, we use threat analysis based on the MITRE ATT&CK taxonomy to describe the design and supervision constraints of our honeypot with it's situation in our implemented architecture. We exposed our infrastructure during seventeen days and collected information about several actors and attack methods, from which we extracted previously undocumented Indicators of Compromise.

AB - This paper presents a new model and design for honeypots, and the results obtained the implementation and exposure on the internet of an high interaction honeypot. We show that our model can allow higher interaction with attackers while preserving integrity and attractiveness. In our work, we use threat analysis based on the MITRE ATT&CK taxonomy to describe the design and supervision constraints of our honeypot with it's situation in our implemented architecture. We exposed our infrastructure during seventeen days and collected information about several actors and attack methods, from which we extracted previously undocumented Indicators of Compromise.

KW - Honeypot Deception High Interaction Supervision Analysis Indicator of Compromise MITRE ATT&CK

U2 - 10.1145/3600160.3604993

DO - 10.1145/3600160.3604993

M3 - Conference contribution

AN - SCOPUS:85169693399

T3 - ACM International Conference Proceeding Series

BT - ARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings

PB - Association for Computing Machinery

T2 - 18th International Conference on Availability, Reliability and Security, ARES 2023

Y2 - 29 August 2023 through 1 September 2023

ER -

An Improved Honeypot Model for Attack Detection and Analysis

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this