Learning More About Attack Patterns With Honeypots

Thorsten Holz

GI Sicherheit - Schutz und Zuverlässigkeit, Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik, Magdeburg, February 2006


Abstract

Honeypots are information system resources, whose value lies in unauthorized or illicit use of these resources. In this paper, we present a project that has established a world-wide distributed sensor system of honeypots. Within this system, each platform has the same configuration, thus allowing us to compare the collected data of each platform. And since all platforms send all logging data to a central database, this enables us to correlate all data and draw conclusions from it.

Besides presenting the project, we show how the collected data can be used to learn more about attack patterns. In addition, we illustrate how we can learn more about root-causes of attacks, i.e., specific tools or techniques used by attackers.

[pdf]

Tags: honeynet, honeypots