Honeypot trace forensics: The observation viewpoint matters

@article{Pham2011HoneypotTF,
  title={Honeypot trace forensics: The observation viewpoint matters},
  author={Van-Hau Pham and Marc Dacier},
  journal={Future Generation Comp. Syst.},
  year={2011},
  volume={27},
  pages={539-546}
}
In this paper, we propose amethod to identify and group together traces left on low interaction honeypots by machines belonging to the same botnet(s) without having any a priori information at our disposal regarding these botnets. In other words, we offer a solution to detect new botnets thanks to very cheap and easily deployable solutions. The approach is validated thanks to several months of data collectedwith the worldwide distributed Leurré.com system. To distinguish the relevant traces… CONTINUE READING