Timothy Beal, Ashlyn Hanks, Christos Haramis, Justin Riccardelli, and Dr. Jason M. Pittman, Department of Computer Science, High Point University, One University Parkway, High Point, NC 27268
Honeypots trap malicious computing behavior so researchers and practitioners can develop relevant defensive tools and techniques. However, potential attackers are aware of honeypots as a deception technology. Thus, existing literature demonstrates some effort to understand how attackers may be able to differentiate a honeypot from a legitimate system. Unfortunately, the literature is not clear on what specific network or system attributes may be used to fingerprint a honeypot. To that end, we previously reproduced a specific honeypot detection study which asserted a honeypot detection scheme but did not reveal any detailed methodology or results. The reproduction successfully confirmed a set of detection characteristics, but the work was entirely manual. Accordingly, in this work we employed an evaluative research method to guide development of two models: an ontological model using set-theoretical concepts and a Unified Modeling Language model describing a software implementation. The goal was to provide the next step towards an automated software tool capable of detecting honeypots with a statistically significant accuracy based on network characteristics. At the same time, the results may reveal mechanisms to create more concealable honeypots which would allow researchers to study adversaries in more depth.
Presenters: Ashlyn Hanks, Christos Haramis, Timothy Beal
Institution: High Point University
Type: Poster
Subject: Computer Science
Status: Approved