Towards an invisible honeypot monitoring system

Nguyen Anh Quynh, Yoshiyasu Takefuji

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)


A honeypot is a decoy system used to trap attackers, and the data capture tool is one of the components of the honeypot architecture. Because it collects the intruder's activities inside the honeypot, this key component must function as stealthily as possible, so that the intruder does not know that he is being watched. Unfortunately Sebek, the de facto tool for this purpose in modern honeypot technology, is rather easy to detect, even with unprivileged access. This paper proposes using the Xen virtual machine to deploy honeypots, and takes advantage of what Xen introduces to fix some of the outstanding problems of Sebek. We present the design and implementation of a Xen-based system named Xebek as a solution. While Xebek provides features similar to Sebek's, our system is more "invisible" and harder to defeat. The experimental results also demonstrate that Xebek is more flexible, while its reliability and efficiency are significantly improved over its counterpart.

Original language: English
Title of host publication: Information Security and Privacy
Subtitle of host publication: 11th Australasian Conference, ACISP 2006, Proceedings
Publisher: Springer Verlag
Number of pages: 12
ISBN (Print): 3540354581, 9783540354581
Publication status: Published - 2006
Externally published: Yes
Event: 11th Australasian Conference on Information Security and Privacy, ACISP 2006 - Melbourne, Australia
Duration: 2006 Jul 3 → 2006 Jul 5

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 4058 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Other: 11th Australasian Conference on Information Security and Privacy, ACISP 2006

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

