A Comparison of Record and Play Honeypot Designs

Rauti Sampsa; Leppänen Ville; Papalitsas Jarko
A Comparison of Record and Play Honeypot Designs

Rauti Sampsa
Leppänen Ville
Papalitsas Jarko
Katso/Avaa
Lataukset: 

doi:10.1145/3134302.3134307
URI
https://dl.acm.org/citation.cfm?doid=3134302.3134307
Näytä kaikki kuvailutiedot
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe2021042717951
Tiivistelmä

Record and play -honeypots mimic the normal TCP traffic and fool the adversary with fake data
while simultaneously keeping the setting realistic. In this paper, we propose several designs for such honeypots.
Two important aspects of honeypot design are considered. First, we compare named entity recognition systems
in order to recognize the entities in the messages the honeypot modifies. Second, we consider methods to
fake these entities consistently. Pros and cons of each approach – varying from the better accuracy of the fake
responses to the possibility of causing side effects on the real services – are discussed.

Kokoelmat