With the rapid increase of the number of Internet users, now network use is indispensable to individuals and to organization. Although Internet provides us various services and our lives depend on it heavily, we have many problems of suspicious accesses. However, there are few opportunities to recognize what an actual exploit is, and it is difficult to recognize of the security, that is not visible. In this paper, we deployed a decoy system based on the highly interactive level Honeynet Project has defined. This system enables to be decoy on the OS level, making intruders act freely without restriction. It records not only the known activities, but unknown vulnerabilities and activities without being notified by the intruders. Currently, the concept of highly interactive level decoy system is new, the information in these system is not fully available. Prom these references, we have conducted an operation of the system, while adding some new features that were necessary. By analyzing all the logs from the system, we describe problems and propose the suitable operation methods.
- Yoshihiro Shibuya, Hideki Koike, Tetsuji Takada, Michiaki Yasumura, Takemochi Ishii, A Study for Some Experiences of the Operation of Highly Interactive Decoy System, Journal of IPSJ, Vol. 45, No. 8, pp.1921-1930, 2004. (in Japanese) PDF