Capturing Attacker Identity with Biteback Honeypot

Title: Capturing Attacker Identity with Biteback Honeypot
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Adarsh, S, Jain, Kurunandan
Conference Name: 2021 International Conference on System, Computation, Automation and Networking (ICSCAN)
Keywords: Biteback, feature extraction, honeypot, metasploit, Meterpreter, Portable document format, Predictive Metrics, Prototypes, pubcrawl, Resiliency, reverse TCP, Router Systems Security, Routing, Routing protocols, Virtual private networks, Webcams
Abstract: Cyber attacks are increasing at a rapid pace targeting financial institutions and the corporate sector, especially during pandemics such as COVID-19. Honeypots are implemented in data centers and servers to capture these types of attacks and malicious activities. In this work, an experimental prototype is created simulating the attacker and victim environments and the results are consolidated. Attacker information is extracted using the Meterpreter framework and uses reverse TCP for capturing the data. Normal honeypots do not capture an attacker and his identity. Information such as user ID, Internet Protocol (IP) address, proxy servers, incoming and outgoing traffic, webcam snapshot, Media Access Control (MAC) address, operating system architecture, and router information of the attacker such as ARP cache can be extracted by this honeypot with "biteback" feature.
DOI: 10.1109/ICSCAN53069.2021.9526371
Citation Key: adarsh_capturing_2021