Efficient deployment of honeynets for statistical and forensic analysis of attacks from the Internet

Abstract

The use of honeynets as a means to detect and observe attacks originating from the Internet as well as to allow forensic analysis is a technique that has received increasing attention in the research community. However, it has not yet been investigated how effective honeynets are and to what extent their efficiency can be actively improved. Therefore, after a short introduction to the honeynet concept and its implementation options, a case study will be presented providing some insight into this issue. For this case study, a honeynet has been implemented and a multilevel escalation strategy has been defined and employed to clarify to what extent the detected attacks represent just the "average" level of malware activity and to what extent honeynet owners can actively attract attacks or even influence specific types of attacks. © IFIP International Federation for Information Processing 2005.