Honeypot Turing Test
There are a few aspects of using honeypots that become clear from this discussion. First, if one uses a honeypot, be sure to avoid the default configurations of these honeypots whenever possible. Second, attempt to design the service script behavior to match the expectations of the attacker. For example, in the case of the IIS GET response of the honeyd script, one could return an empty dir list and randomize time stamps, byte counts, volume serial number. More generally, one might consider an intelligent algorithm or approach to change or mutate a honeypot from a detectable back to an undetectable form.
Arshak Navruzyan, Steve Shimozaki
Anagnostakis, Kostas G., et al. Detecting Targeted Attacks Using Shadow Honeypots.Usenix Security. 2005.
Bossert, Georges, Frédéric Guihéry, and Guillaume Hiet. Towards automated protocol reverse engineering using semantic infor… Proceedings of the 9th ACM symposium on Information, computer and communications security. ACM, 2014.
Buczak, Anna L., and Erhan Guven. A survey of data mining and machine learning methods for cyber secu… IEEE Communications Surveys & Tutorials 18.2 (2015): 1153-1176.
Buda, Michał, and Ilona Bluemke. Data Mining Algorithms in the Analysis of Security Logs from a Hone… Dependability Engineering and Complex Systems. Springer International Publishing, 2016. 63-73.
Cuckoo Sandbox malware analysis system.
Dahl, George E., et al. Large-scale malware classification using random projections and neu… 2013 IEEE International Conference on Acoustics, Speech and Signal Processing. IEEE, 2013.
Franc, Vojtech, Michal Sofka, and Karel Bartos. Learning detector of malicious network traffic from weak labels. Joint European Conference on Machine Learning and Knowledge Discovery in Databases. Springer International Publishing, 2015.
Haltaş, Fatih, et al. An automated bot detection system through honeypots for large-scaleCyber Conflict (CyCon 2014), 2014 6th International Conference On. IEEE, 2014.
Nawrocki, Marcin, et al. A Survey on Honeypot Software and Data Analysis. arXiv preprint arXiv:1608.06249 (2016).
Netzob an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols.
Saeed, Imtithal A., Ali Selamat, and Ali MA Abuagoub. A survey on malware and malware detection systems. International Journal of Computer Applications 67.16 (2013).
Security showcase Open source projects to help build and operate more secure systems, along with tools for security monitoring and incident response.
Whalen, Sean, Matt Bishop, and James P. Crutchfield. Hidden markov models for automated protocol learning. International Conference on Security and Privacy in Communication Systems. Springer Berlin Heidelberg, 2010.
Originally posted here.
Honeypot Turing Test