Honeypot generator

A project by Bor de Kock, Pieter Kokx and Ylona Meeuwenberg

What is a honeypot?

Examples

  • A USB stick with 'secret' documents
    • With wrong information to catch traitors
  • A server that is attractive to hackers
    • To learn their new hat tricks

But they need to be believable…

  • Attackers can check file metadata
  • Is the metadata consistent with normal file usage?

Our project

    Generating believable file usage
    That is, making a fake folder appear real and used.

Literature

We were not able to find work on believable file usage.

There is literature on honeypots in general

  • Proactive Detection of Security Incidents [enisa, 2012] (181 pages!)
  • Recent Advances and Future Trends in Honeypot Research [Bringer et al., 2012]

Literature (contd.)

As well as ways of detecting them
  • Defeating Honeypots [Holz et al., 2005]
  • How do you know when you are inside one? [Innes, 2006]
But these are actually quite old.
We have thus come up with a new solution.

Approach

  • Analyse existing file metadata and generate a definition of believable file usage from there.
  • Apply this knowledge to manipulate files.

Data sources

Trending GitHub repositories

Too many to list here

Why?

Easily available data!

The main goal is to develop a methodology to analyse file data, to be able to generate file metadata in the future.

Variables to analyze

  • Filename (full path)
  • MIME-type (determined with magic)
  • Filesize
  • Last modified date (looking at commit history)
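
The analyse-then-apply approach with the variables listed above, as an added example (not the project's own code): it profiles a reference tree and copies observed modification times onto decoy files of the same MIME type. Assumptions: all function names are hypothetical, the extension-based `mimetypes` module stands in for libmagic, filesystem mtimes stand in for commit-history dates, and both sample trees are constructed.

```python
import mimetypes
import os
import random
import tempfile
from collections import defaultdict
from pathlib import Path

def profile(root):
    """Collect path, MIME type, size and mtime for every file under root."""
    rows = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            st = p.stat()
            # Assumption: extension-based guess stands in for libmagic.
            mime = mimetypes.guess_type(p.name)[0] or "application/octet-stream"
            rows.append({"path": p.relative_to(root).as_posix(), "mime": mime,
                         "size": st.st_size, "mtime": st.st_mtime})
    return rows

def mtimes_by_mime(rows):
    """Group the observed modification times by MIME type."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["mime"]].append(r["mtime"])
    return groups

def apply_profile(decoy_root, groups, rng):
    """Give each decoy file an mtime observed on a reference file of the same type."""
    all_times = [t for ts in groups.values() for t in ts]
    for r in profile(decoy_root):
        mtime = rng.choice(groups.get(r["mime"]) or all_times)
        os.utime(Path(decoy_root) / r["path"], (mtime, mtime))

def build_sample(root, files):
    """Write a constructed tree: {relative path: (content, mtime)}."""
    for rel, (content, mtime) in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content)
        os.utime(p, (mtime, mtime))

def demo():
    with tempfile.TemporaryDirectory() as ref, tempfile.TemporaryDirectory() as decoy:
        build_sample(ref, {"src/app.py": ("print(1)\n", 1_600_000_000),
                           "src/util.py": ("x = 1\n", 1_600_500_000),
                           "README.txt": ("hello\n", 1_590_000_000)})
        build_sample(decoy, {"plans/notes.txt": ("fake\n", 1_700_000_000),
                             "tool.py": ("pass\n", 1_700_000_000)})
        apply_profile(decoy, mtimes_by_mime(profile(ref)), random.Random(0))
        return {r["path"]: r["mtime"] for r in profile(decoy)}
```

`os.utime` rewrites only the access and modification times; on Linux the inode change time (ctime) still records when the decoy was prepared, so it needs separate consideration.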

Evaluation

Results

TODO

Questions?