research-article

A Comparison of Record and Play Honeypot Designs

Authors:

Jarko Papalitsas,

Ville LeppänenAuthors Info & Claims

CompSysTech '17: Proceedings of the 18th International Conference on Computer Systems and Technologies

Pages 133 - 140

https://doi.org/10.1145/3134302.3134307

Published: 23 June 2017 Publication History

Abstract

Record and play -honeypots mimic normal TCP traffic and fool the adversary with fake data while simultaneously keeping the setting realistic. ln this paper, we propose several designs for such honeypots. Two important aspects of honeypot design are considered. First, we compare named entity recognition systems in order to recognize the entities in the messages the honeypot modifies. Second, we consider methods to fake these entities consistently. Pros and cons of each approach -- varying from the better accuracy of the fake responses to the possibility of causing side effects on the real services -- are discussed.

References

[1]

Asahara, M., and Matsumoto, Y. Japanese Named Entity Extraction with Redundant Morphological Analysis. In Proceedings of the Conference of the North American Chapter of the Association for Computational Linguistics on Human Language Technology - Volume 1 (2003), Association for Computational Linguistics, pp. 8--15.

Digital Library

[2]

Bikel, D. M., Miller, S., Schwartz, R., and Weischedel, R. Nymble: A High-performance Learning Name-finder. In Proceedings of the Fifth Conference on Applied Natural Language Processing (1997), ANLC '97, Association for Computational Linguistics, pp. 194--201.

Digital Library

[3]

Bird, S., Klein, E., and Loper, E. Natural Language Processing with Python. O'Reilly Media, 2009.

Digital Library

[4]

Borthwick, A., Sterling, J., Agichtein, E., and Grishman, R. NYU: Description of the MENE Named Entity System as Used in MUC-7. In Proceedings of the Seventh Message Understanding Conference (1998).

[5]

Cunningham, et al. Developing Language Processing Components with GATE Version 8. University of Sheffield Department of Computer Science, 11 2014.

[6]

Finkel, J. R., Grenager, T., and Manning, C. Incorporating non-local information into information extraction systems by gibbs sampling. In Proceedings of the 43rd Annual Meeting on Association for Computational Linguistics (2005), ACL '05, Association for Computational Linguistics, pp. 363--370.

Digital Library

[7]

Maynard, D., Tablan, V., Ursu, C., Cunningham, H., and Wilks, Y. Named entity recognition from diverse text types. In Recent Advances in Natural Language Processing 2001 Conference (2001), pp. 257--274.

[8]

McCallum, A., and Li, W. Early Results for Named Entity Recognition with Conditional Random Fields, Feature Induction and Web-enhanced Lexicons. In Proceedings of the 7th Conference on Natural Language Learning at HLT-NAACL 2003 - Volume 4 (2003), Association for Computational Linguistics, pp. 188--191.

Digital Library

[9]

Minkov, E., Wang, R. C., and Cohen, W. W. {extracting personal names from email: Applying named entity recognition to informal text.

[10]

Nadeau, D., and Sekine, S. A survey of named entity recognition and classification. Lingvisticae Investigationes 30, 1 (2007), 3--26.

[11]

Nawrocki, M., Wahlisch, M., Schmidt, T., Keil, C., and Schonfelder, J. A Survey on Honeypot Software and Data Analysis, 2016. arXiv preprint (2016).

[12]

Poibeau, T., and Kosseim, L. Proper name extraction from non-journalistic texts. Language and computers 37, 1 (2001), 144--157.

[13]

Rauti, S., and Leppänen, V. A survey on fake entities as a method to detect and monitor malicious activity. In 25th Euromicro International Conference on Parallel, Distributed and Network-based Processing (2017).

[14]

Sekine, S., et al. NYU: Description of the Japanese NE system used for MET-2. In Proceedings of Message Understanding Conference (1998).

[15]

Sekine, S., and Nobata, C. Definition, Dictionaries and Tagger for Extended Named Entity Hierarchy. In LREC (2004), pp. 1977--1980.

[16]

Virvilis, N., and Gritzalis, D. The Big Four -- What we did wrong in Advanced Persistent Threat detection? In Proceedings of Eighth International Conference on Availability, Reliability and Security (ARES) (2013), IEEE, pp. 248--254.

Digital Library

Cited By

Huang CHan JZhang XLiu J(2019)Automatic Identification of Honeypot Server Using Machine Learning TechniquesSecurity and Communication Networks10.1155/2019/26276082019Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1155/2019/2627608
Papalitsas JTammi JRauti SLeppänen V(2018)Recognizing Dynamic Fields in Network Traffic with a Manually Assisted SolutionTrends and Advances in Information Systems and Technologies10.1007/978-3-319-77712-2_20(208-217)Online publication date: 17-May-2018
https://doi.org/10.1007/978-3-319-77712-2_20

Recommendations

Intelligent IDS: Venus Fly-Trap Optimization with Honeypot Approach for Intrusion Detection and Prevention
Abstract
Intrusion Detection Systems and Intrusion Prevention Systems are used to detect and prevent attacks/malware from entering the network/system. Honeypot is a type of Intrusion Detection System which is used to find the intruder, study the intruder ...
Using rootkits hiding techniques to conceal honeypot functionality
Abstract
Honeypot is one of the existing technologies in the area of computer network security. The goal of Honeypot is to create a tempting target for the attacker. The system that is considered as a Honeypot in the network includes the ...
A Novel Deception Defense-Based Honeypot System for Power Grid Network
Smart Computing and Communication
Abstract
In recent years, as cyber-attacks have become more and more rampant, power grid networks are also facing more and more security threats, which have gradually become the focus attention of attackers. Traditional defense methods are represented by ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

CompSysTech '17: Proceedings of the 18th International Conference on Computer Systems and Technologies

June 2017

358 pages

ISBN:9781450352345

DOI:10.1145/3134302

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

UORB: University of Ruse, Bulgaria
TECHUVB: Technical University of Varna, Bulgaria

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 June 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

MATINE

Conference

CompSysTech'17

CompSysTech'17: 18th International Conference on Computer Systems and Technologies

June 23 - 24, 2017

Ruse, Bulgaria

Acceptance Rates

CompSysTech '17 Paper Acceptance Rate 42 of 107 submissions, 39%;

Overall Acceptance Rate 241 of 492 submissions, 49%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
98
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Huang CHan JZhang XLiu J(2019)Automatic Identification of Honeypot Server Using Machine Learning TechniquesSecurity and Communication Networks10.1155/2019/26276082019Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1155/2019/2627608
Papalitsas JTammi JRauti SLeppänen V(2018)Recognizing Dynamic Fields in Network Traffic with a Manually Assisted SolutionTrends and Advances in Information Systems and Technologies10.1007/978-3-319-77712-2_20(208-217)Online publication date: 17-May-2018
https://doi.org/10.1007/978-3-319-77712-2_20

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten