Honeypot generator
A project by Bor de Kock, Pieter Kokx and Ylona Meeuwenberg
What is a honeypot?
Examples
- A USB stick with 'secret' documents
- With wrong information to catch traitors
- A server that is attractive to hackers
- To learn their new hat tricks
But they need to be believable…
- Attackers can check file metadata
- Is the metadata consistent with normal file usage?
Our project
Generating believable file usage
That is, making a fake folder appear real and used.
Literature
We were not able to find work on believable file usage.
There is literature on honeypots in general
- Proactive Detection of Security Incidents [ENISA, 2012] (181 pages!)
- Recent Advances and Future Trends in Honeypot Research [Bringer et al., 2012]
Literature (contd.)
As well as ways of detecting them
- Defeating Honeypots [Holz et al., 2005]
- How do you know when you are inside one? [Innes, 2006]
But these are actually quite old.
We have thus come up with a new solution.
Approach
- Analyse existing file metadata and generate a definition of believable file usage from there.
- Apply this knowledge to manipulate files.
Data sources
Trending GitHub repositories
Too many to list here
Why?
Easily available data!
The main goal is to develop a methodology to analyse
file data, to be able to generate file metadata in the
future.
Variables to analyze
- Filename (full path)
- MIME-type (determined with magic)
- Filesize
- Last modified date (looking at commit history)
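A sketch of the analysis step, added here as an example and not the project's own code: it collects the four variables for every file in a folder and lists tells that make a decoy look unused. Assumptions: the standard-library `mimetypes` guess stands in for magic, filesystem mtime stands in for commit history, and the function names, sample files and 7-day threshold are hypothetical.

```python
import mimetypes
import os
import tempfile
from pathlib import Path

def collect(root):
    """Return one record per file with the four variables listed above."""
    records = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            st = path.stat()
            # Assumption: extension-based guess stands in for libmagic.
            mime = mimetypes.guess_type(path.name)[0] or "application/octet-stream"
            records.append({"path": str(path.relative_to(root)), "mime": mime,
                            "size": st.st_size, "mtime": st.st_mtime})
    return records

def mtime_spread_days(records):
    """Days between the oldest and newest modification time."""
    times = [r["mtime"] for r in records]
    return (max(times) - min(times)) / 86400 if times else 0.0

def findings(records, min_spread_days=7.0):
    """List the tells an attacker could spot in a decoy folder."""
    out = []
    if len(records) > 1 and mtime_spread_days(records) < min_spread_days:
        out.append("all files modified within a short window")
    if any(r["size"] == 0 for r in records):
        out.append("empty files present")
    if len(records) > 1 and len({r["size"] for r in records}) == 1:
        out.append("every file has the same size")
    return out

def build_sample(root, ages_days, now=1_700_000_000):
    """Constructed sample folder: one file per age, mtime set 'age' days before now."""
    names = ["report.pdf", "notes.txt", "budget.csv", "photo.png"]
    for i, (name, age) in enumerate(zip(names, ages_days)):
        p = Path(root) / name
        p.write_bytes(b"x" * (100 * (i + 1)))
        os.utime(p, (now - age * 86400, now - age * 86400))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as fresh, tempfile.TemporaryDirectory() as used:
        build_sample(fresh, [0, 0, 0, 0])        # decoy copied in one go
        build_sample(used, [400, 120, 35, 2])    # folder edited over time
        print("fresh:", findings(collect(fresh)))
        print("used: ", findings(collect(used)))
```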