Comparative survey of local honeypot sensors to assist network forensics

This paper intends to illustrate the usefulness of deploying multiple simple honeypot sensors in a large variety of locations. Indeed, a permanent identification of anomalies that occur on a single sensor allows pinpointing abnormal local activities. These can be the manifest of misconfiguration iss...

Bibliographic details
Main authors: Chen, P.T., Laih, C.S., Pouget, F., Dacier, M.
Format: Conference proceedings
Language: eng
container_end_page 132
container_issue
container_start_page 120
container_title
container_volume
creator Chen, P.T.
Laih, C.S.
Pouget, F.
Dacier, M.
description This paper intends to illustrate the usefulness of deploying multiple simple honeypot sensors in a large variety of locations. Indeed, a permanent identification of anomalies that occur on a single sensor allows pinpointing abnormal local activities. These can be the manifest of misconfiguration issues or highlight attacks particular to some given environments. Both cases are important for administrators in charge of the networks hosting the sensors. We propose in this paper a comparison of simple parameters that reveal to be an easy way to determine these abnormal and particular activities. On the basis of two identical honeypot sensors that we have deployed for more than 6 months in France and in Taiwan, we detail the analysis of some anomalies that have been found against one unique sensor only. This is a preliminary but useful stage for network forensics and we intend in a near future to deploy the method over a large number of sensors. This is an on-going work and we hope that the illustrations we provide all along the paper a good incentive for partners to join this open project.
doi_str_mv 10.1109/SADFE.2005.6
format Conference Proceeding
identifier ISBN: 9780769524788
ispartof First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05), 2005, p.120-132
issn
language eng
recordid cdi_ieee_primary_1592526
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Forensics
Internet
IP networks
Local activities
Monitoring
Sensor phenomena and characterization
Sensor systems
Telecommunication traffic
Telescopes
Weather forecasting
title Comparative survey of local honeypot sensors to assist network forensics
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-03T16%3A21%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Comparative%20survey%20of%20local%20honeypot%20sensors%20to%20assist%20network%20forensics&rft.btitle=First%20International%20Workshop%20on%20Systematic%20Approaches%20to%20Digital%20Forensic%20Engineering%20(SADFE'05)&rft.au=Chen,%20P.T.&rft.date=2005&rft.spage=120&rft.epage=132&rft.pages=120-132&rft.isbn=9780769524788&rft.isbn_list=0769524788&rft_id=info:doi/10.1109/SADFE.2005.6&rft_dat=%3Cieee_6IE%3E1592526%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=1592526&rfr_iscdi=true