Title | Capturing Attacker Identity with Biteback Honeypot |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Adarsh, S, Jain, Kurunandan |
Conference Name | 2021 International Conference on System, Computation, Automation and Networking (ICSCAN) |
Keywords | Biteback, feature extraction, honeypot, metasploit, Meterpreter, Portable document format, Predictive Metrics, Prototypes, pubcrawl, Resiliency, reverse TCP, Router Systems Security, Routing, Routing protocols, Virtual private networks, Webcams |
Abstract | Cyber attacks are increasing at a rapid pace, targeting financial institutions and the corporate sector, especially during pandemics such as COVID-19. Honeypots are implemented in data centers and servers to capture these types of attacks and malicious activities. In this work, an experimental prototype is created simulating the attacker and victim environments, and the results are consolidated. Attacker information is extracted using the Meterpreter framework, with reverse TCP used to capture the data. Normal honeypots do not capture an attacker and his identity. Information such as user ID, Internet Protocol (IP) address, proxy servers, incoming and outgoing traffic, webcam snapshot, Media Access Control (MAC) address, operating system architecture, and router information of the attacker such as ARP cache can be extracted by this honeypot with the "biteback" feature. |
DOI | 10.1109/ICSCAN53069.2021.9526371 |
Citation Key | adarsh_capturing_2021 |