首页> 外文会议>Nordic conference on secure IT systems >Sarracenia: Enhancing the Performance and Stealthiness of SSH Honeypots Using Virtual Machine Introspection

【24h】

Sarracenia: Enhancing the Performance and Stealthiness of SSH Honeypots Using Virtual Machine Introspection

机译：Sarracenia：使用虚拟机自检提高SSH Honeypot的性能和隐蔽性

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Secure Shell (SSH) is a preferred target for attacks, as it is frequently used with password-based authentication, and weak passwords can be easily exploited using brute-force attacks. To learn more about adversaries, we can use a honeypot that provides information about attack and exploitation methods. The problem of current honeypot implementations is that attackers can easily detect that they are interacting with a honeypot and stop their activities immediately. Moreover, there is no freely available high-interaction SSH honeypot that provides in-depth tracing of attacks. In this paper, we introduce Sarracenia, a virtual high-interaction SSH honeypot which improves the stealthiness of monitoring by using virtual machine introspection (VMI) based tracing. We discuss the design of the system and how to extract valuable information such as user credential, executed commands, and file changes.

机译：安全外壳（SSH）是首选的攻击目标，因为它经常与基于密码的身份验证一起使用，并且可以使用蛮力攻击轻松利用弱密码。要了解有关对手的更多信息，我们可以使用蜜罐，该蜜罐提供有关攻击和利用方法的信息。当前蜜罐实施的问题是，攻击者可以轻松地检测到他们正在与蜜罐进行交互，并立即停止其活动。此外，没有免费的高交互性SSH蜜罐可提供对攻击的深入跟踪。在本文中，我们介绍了Sarracenia，这是一种虚拟的高交互SSH蜜罐，可通过使用基于虚拟机自省（VMI）的跟踪来提高监视的隐身性。我们讨论系统的设计以及如何提取有价值的信息，例如用户凭证，执行的命令和文件更改。

著录项

来源
《Nordic conference on secure IT systems》|2018年|255-271|共17页
会议地点
作者
Stewart Sentanoe; Benjamin Taubmann; Hans P. Reiser;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Honeypot; Virtual Machine Introspection; Secure Shell;

机译：蜜罐;虚拟机自省;安全壳;

相似文献

外文文献
中文文献
专利

1. High-performance method for identification of super enhancers from ChIP-Seq data with configurable cloud virtual machines [J] . Natalia N. Orlova, Olga V. Bogatova, Alexey V. Orlov MethodsX . 2020,第1期

机译：具有可配置云虚拟机的芯片-SEQ数据识别超级增强器的高性能方法
2. Enhanced Load Balancing Approach to Optimize the Performance of the Cloud Service using Virtual Machine Migration [J] . Saurabh Jain, Varsha Sharma International Journal of Engineering and Manufacturing(IJEM) . 2017,第1期

机译：增强的负载平衡方法，可使用虚拟机迁移来优化云服务的性能
3. Enhancing Scoring Performance of Docking-Based Virtual Screening Through Machine Learning [J] . Silva Candida G., Simoes Carlos J. V., Carreiras Pedro, Current Bioinformatics . 2016,第4期

机译：通过机器学习提高基于对接的虚拟筛选的计分性能
4. Sarracenia: Enhancing the Performance and Stealthiness of SSH Honeypots Using Virtual Machine Introspection [C] . Stewart Sentanoe, Benjamin Taubmann, Hans P. Reiser Nordic Conference on Secure IT Systems . 2018

机译：Sarracenia：使用虚拟机内省增强SSH蜜罐的性能和隐身
5. On the detection of virtual machine introspection from inside a guest virtual machine. [D] . Marken, Brandon Ashlee. 2015

机译：在从来宾虚拟机内部检测到虚拟机内省时。
6. High-performance method for identification of super enhancers from ChIP-Seq data with configurable cloud virtual machines [O] . Natalia N. Orlova, Olga V. Bogatova, Alexey V. Orlov 2020

机译：具有可配置云虚拟机的芯片-SEQ数据识别超级增强器的高性能方法
7. Towards Hypervisor Support for Enhancing the Performance of Virtual Machine Introspection [O] . Benjamin Taubmann, Hans P. Reiser 2020

机译：迈为虚拟机管理程序支持，用于提高虚拟机内省的性能

Sarracenia: Enhancing the Performance and Stealthiness of SSH Honeypots Using Virtual Machine Introspection

摘要

著录项

相似文献

相关主题

期刊订阅