Practical Challenges in Building Fake Services with the Record and Play approach

Abstract

<p>One way to learn more about how a malicious program functions<br />and what its objectives are is to deceive it with fake<br />services that provide responses containing fabricated data.<br />We can try to achieve this goal with so called record and<br />play -honeypot that learns what the normal communication<br />between clients and a server looks like and then tries to<br />mimic it, but fabricates the contents of the responses so that<br />they contain fake data. This paper outlines and presents<br />the challenges faced in practical development of such honeypot.<br />Some solutions and recommendations that mitigate<br />the identified problems are also considered.<br /></p>