This preview shows pages 1–2. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: Int. J. Information and Computer Security, Vol. x, No. x, xxxx 1 Honeypot Detection in Advanced Botnet Attacks Ping Wang, Lei Wu, Ryan Cunningham, Cliff C. Zou School of Electrical Engineering and Computer Science, University of Central Florida, Orlando, FL 32816-2362 USA Abstract: Botnets have become one of the major attacks in current Internet due to their illicit profitable financial gain. Meanwhile, honey- pots have been successfully deployed in many computer security defense systems. Since honeypots set up by security defenders can attract bot- net compromises and become spies in exposing botnet membership and botnet attacker behaviors, they are widely used by security defenders in botnet defense. Therefore, attackers constructing and maintaining botnets will be forced to find ways to avoid honeypot traps. In this paper, we present a hardware and software independent honeypot de- tection methodology based on the following assumption: security pro- fessionals deploying honeypots have liability constraint such that they cannot allow their honeypots to participate in real attacks that could cause damage to others, while attackers do not need to follow this con- straint. Attackers could detect honeypots in their botnets by checking whether compromised machines in a botnet can successfully send out unmodified malicious traffic. Based on this basic detection principle, we present honeypot detection techniques to be used in both central- ized botnets and peer-to-peer structured botnets. Experiments show that current standard honeypot and honeynet programs are vulnerable to the proposed honeypot detection techniques. In the end, we discuss some guidelines for defending against general honeypot-aware attacks. Keywords: Liability; honeypot; botnet; peer-to-peer; modeling. Reference to this paper should be made as follows: Wang, P., Wu, L., Cunningham, R. and Zou, C. (xxxx) Honeypot Detection in Advanced Botnet Attacks, Int. J. Information and Computer Security , Vol. x, No. x, pp.xxxxxx. Biographical notes: Ping Wang received her BS and MS degrees in computer science from Beijing University of Aeronautics and Astro- nauts, China, in 2001 and 2004, respectively. Currently she is working toward the PhD degree in School of Electrical Engineering and Com- puter Science at University of Central Florida. Her research interests include computer and network security. Lei Wu received the BS in Software Engineering and MS degrees in computer science from Nanjing University, China, in 2005 and 2008, re- spectively. Currently he is working toward the PhD degree in School of Electrical Engineering and Computer Science at University of Central Florida. His research interests include computer and network security....
View Full Document