
A Computational Intelligence for Performance Evaluation of Honeypots

J. Visumathi, Dr.K.L. Shunmuganathan

Abstract


Internet security deals with the methods and tools used for protecting information transactions in business, government and academic organizations. A honeypot is an information gathering and learning tool: it collects information about intruders, their attack patterns, their reasons for attacking and the tools they use. This information helps a great deal in learning about the motives, methods and technical abilities of intruders. This paper focuses on the detection of virtual environments and low interaction honeypots using a feature set built from traditional system and network level fingerprinting mechanisms. Earlier work in the area has mostly been based on system level detection. The results aim to bring out the limitations of current honeypot technology. In our experiments for system level detection we use the magic number technique, the virtual register set technique and the interrupt descriptor table (IDT) technique. In the magic number technique our program takes the magic number, port number and command to execute as inputs and outputs whether the machine is VMware, VPC or a host machine. In the IDT technique our program uses SIDT to trace the fingerprints of the virtual machine and determine whether it is VMware or VPC. In the detection of Sebek we look for the fingerprints present in memory and hijack the system call used by Sebek. This paper also describes results concerning the robustness and generalization capabilities of kernel methods in detecting honeypots using system and network fingerprinting data. We use traditional support vector machines. We also evaluate the impact of kernel type and parameter values on the accuracy of a support vector machine performing honeypot classification. In our experiments it is found that SVM performs best for data sent on the same network.

Keywords


Honeypot, Network, Operating System, Sebek, SVM

