The TaintDroid Based Honeypot Monitoring System for Embedded Device

Abstract

Honeypot is a proactive defense technology introduced by defenders. Through the honeypots, defenders can deceive attackers to illegally take advantage of the honeypots and capture and analyze the attack behaviors to understand the attack tools and methods. To build honeypots, defenders first imitate vulnerable systems to entice the attacker to attack, then deploy monitoring systems that is responsible for monitoring and recording the attacker's behavior. It is of concern that monitoring system is the key to determine the performance of honeypots, because obtaining attackers' behavior is the main purpose of deploying honeypots, and monitoring system's performance determines whether attackers' behavior can be accurately and comprehensively recorded. In this paper, we introduce a novel TaintDroid based honeypot monitoring system for embedded device. This system uses TaintDroid to mark the attackers who hack into the honeypot, monitors the behavior of the marked attackers and then records. Moreover, we tested the feasibility of this system by building a monitoring system based on TaintDroid.