ScriptGen

An automated script generation tool for honeyd

Corrado Leita, Ken Mermoud, Marc Dacier

Research output: Chapter in Book/Report/Conference proceedingConference contribution

93 Citations (Scopus)

Abstract

Honeyd [14] is a popular tool developed by Niels Proves that offers a simple way to emulate services offered by several machines on a single PC. It is a so called low interaction honeypot. Responses to incoming requests are generated thanks to ad-hoc scripts that need to be written by hand. As a result, few scripts exist, especially for services handling proprietary protocols. In this paper, we propose a method to alleviate these problems by automatically generating new scripts. We explain the method and describe its limitations. We analyze the quality of the generated scripts thanks to two different methods. On the one hand, we have launched known attacks against a machine running our scripts; on the other hand, we have deployed that machine on the Internet, next to a high interaction honeypot during two months. For those attackers that have targeted both machines, we can verify if our scripts have, or not, been able to fool them. We also discuss the various tuning parameters of the algorithm that can be set to either increase the quality of the script or, at the contrary, to reduce its complexity.

Original languageEnglish
Title of host publicationProceedings - Annual Computer Security Applications Conference, ACSAC
Pages203-214
Number of pages12
Volume2005
DOIs
Publication statusPublished - 2005
Externally publishedYes
Event21st Annual Computer Security Applications Conference, ACSAC 2005 - Tucson, AZ
Duration: 5 Dec 20059 Dec 2005

Other

Other21st Annual Computer Security Applications Conference, ACSAC 2005
CityTucson, AZ
Period5/12/059/12/05

Fingerprint

Tuning
Internet
Network protocols

ASJC Scopus subject areas

  • Software
  • Engineering(all)

Cite this

Leita, C., Mermoud, K., & Dacier, M. (2005). ScriptGen: An automated script generation tool for honeyd. In Proceedings - Annual Computer Security Applications Conference, ACSAC (Vol. 2005, pp. 203-214). [1565248] https://doi.org/10.1109/CSAC.2005.49

ScriptGen : An automated script generation tool for honeyd. / Leita, Corrado; Mermoud, Ken; Dacier, Marc.

Proceedings - Annual Computer Security Applications Conference, ACSAC. Vol. 2005 2005. p. 203-214 1565248.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Leita, C, Mermoud, K & Dacier, M 2005, ScriptGen: An automated script generation tool for honeyd. in Proceedings - Annual Computer Security Applications Conference, ACSAC. vol. 2005, 1565248, pp. 203-214, 21st Annual Computer Security Applications Conference, ACSAC 2005, Tucson, AZ, 5/12/05. https://doi.org/10.1109/CSAC.2005.49
Leita C, Mermoud K, Dacier M. ScriptGen: An automated script generation tool for honeyd. In Proceedings - Annual Computer Security Applications Conference, ACSAC. Vol. 2005. 2005. p. 203-214. 1565248 https://doi.org/10.1109/CSAC.2005.49
Leita, Corrado ; Mermoud, Ken ; Dacier, Marc. / ScriptGen : An automated script generation tool for honeyd. Proceedings - Annual Computer Security Applications Conference, ACSAC. Vol. 2005 2005. pp. 203-214
@inproceedings{0606fe5d703445cc8e4223c1a593fa86,
title = "ScriptGen: An automated script generation tool for honeyd",
abstract = "Honeyd [14] is a popular tool developed by Niels Proves that offers a simple way to emulate services offered by several machines on a single PC. It is a so called low interaction honeypot. Responses to incoming requests are generated thanks to ad-hoc scripts that need to be written by hand. As a result, few scripts exist, especially for services handling proprietary protocols. In this paper, we propose a method to alleviate these problems by automatically generating new scripts. We explain the method and describe its limitations. We analyze the quality of the generated scripts thanks to two different methods. On the one hand, we have launched known attacks against a machine running our scripts; on the other hand, we have deployed that machine on the Internet, next to a high interaction honeypot during two months. For those attackers that have targeted both machines, we can verify if our scripts have, or not, been able to fool them. We also discuss the various tuning parameters of the algorithm that can be set to either increase the quality of the script or, at the contrary, to reduce its complexity.",
author = "Corrado Leita and Ken Mermoud and Marc Dacier",
year = "2005",
doi = "10.1109/CSAC.2005.49",
language = "English",
isbn = "0769524613",
volume = "2005",
pages = "203--214",
booktitle = "Proceedings - Annual Computer Security Applications Conference, ACSAC",

}

TY - GEN

T1 - ScriptGen

T2 - An automated script generation tool for honeyd

AU - Leita, Corrado

AU - Mermoud, Ken

AU - Dacier, Marc

PY - 2005

Y1 - 2005

N2 - Honeyd [14] is a popular tool developed by Niels Proves that offers a simple way to emulate services offered by several machines on a single PC. It is a so called low interaction honeypot. Responses to incoming requests are generated thanks to ad-hoc scripts that need to be written by hand. As a result, few scripts exist, especially for services handling proprietary protocols. In this paper, we propose a method to alleviate these problems by automatically generating new scripts. We explain the method and describe its limitations. We analyze the quality of the generated scripts thanks to two different methods. On the one hand, we have launched known attacks against a machine running our scripts; on the other hand, we have deployed that machine on the Internet, next to a high interaction honeypot during two months. For those attackers that have targeted both machines, we can verify if our scripts have, or not, been able to fool them. We also discuss the various tuning parameters of the algorithm that can be set to either increase the quality of the script or, at the contrary, to reduce its complexity.

AB - Honeyd [14] is a popular tool developed by Niels Proves that offers a simple way to emulate services offered by several machines on a single PC. It is a so called low interaction honeypot. Responses to incoming requests are generated thanks to ad-hoc scripts that need to be written by hand. As a result, few scripts exist, especially for services handling proprietary protocols. In this paper, we propose a method to alleviate these problems by automatically generating new scripts. We explain the method and describe its limitations. We analyze the quality of the generated scripts thanks to two different methods. On the one hand, we have launched known attacks against a machine running our scripts; on the other hand, we have deployed that machine on the Internet, next to a high interaction honeypot during two months. For those attackers that have targeted both machines, we can verify if our scripts have, or not, been able to fool them. We also discuss the various tuning parameters of the algorithm that can be set to either increase the quality of the script or, at the contrary, to reduce its complexity.

UR - http://www.scopus.com/inward/record.url?scp=33846316416&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33846316416&partnerID=8YFLogxK

U2 - 10.1109/CSAC.2005.49

DO - 10.1109/CSAC.2005.49

M3 - Conference contribution

SN - 0769524613

SN - 9780769524610

VL - 2005

SP - 203

EP - 214

BT - Proceedings - Annual Computer Security Applications Conference, ACSAC

ER -