Honeypots: catching the insider threat

  • Lance Spitzner
  • Published 8 December 2003
  • Computer Science
  • 19th Annual Computer Security Applications Conference, 2003. Proceedings.
In the past several years there has been extensive research into honeypot technologies, primarily for detection and information gathering against external threats. However, little research has been done for one of the most dangerous threats, the advanced insider, the trusted individual who knows our internal organization. These individuals are not after our systems, they are after our information. We discuss how honeypot technologies can be used to detect, identify, and gather information on…

Implementing PII honeytokens to mitigate against the threat of malicous insiders

  • Jonathan White, B. Panda
  • Computer Science
    2009 IEEE International Conference on Intelligence and Security Informatics
  • 2009
The goal of this work is to detect, identify, and confirm insider threats, specifically threats that are after personally identifiable information (PII) data.

XT-Pot: eXposing Threat Category of Honeypot-based attacks

This research proposes a generic framework to analyze and categorize threats collected from honeypots, which become the building block of threat intelligence to be shared and used by security analysts in handling security incidents.

Detecting Insider Threats: Solutions and Trends

Some of the recent insider threat detection solutions are reviewed, their benefits and limitations are explored, and insider threat issues for emerging areas such as cloud computing, virtualization, and social networking are discussed.

Context Honeypot: A Framework for Anticipatory Privacy Violation

A framework for database honeypots for certain types of attacks in privacy context is proposed, which would help in confirming the suspicion of a suspicious user without leaking the target information to the attacker.

Insider threats in information security categories and approaches

An overview of the various basic characteristics of insider threats is given and current approaches and controls to mitigating the level of such threats are considered by broadly classifying them into two categories.


Deception systems using Honeypot presents a system that pretends to have one or more network vulnerabilities that a blackhat or a hacker is looking for, but actually it does not have those vulnerabilities, and does so by stealthily monitoring the network.

Assessment of Honeypots: Issues, Challenges and Future Directions

A recent survey on honeypots is presented, covering their deployment in smartphone scenarios, their usage to curb Distributed Denial of Service attacks in variegated frameworks including Cloud environments, and copious datasets and open source.

Data Security Using Honeypot

This paper is based upon the introduction to honeypots, their importance in network security, types of honeypot, their advantages and disadvantages, legal issues related to them, and what the future holds for honeypots.

Analysis of SSH attacks of Darknet using Honeypots

The results of SSH honeypot operations are presented, in which it undertook the web trap of attackers who target SSH service in order to gain illegal services.

Honeypots: Security by Deceiving Threats

What a honeypot is, their types, usage, ideas and concepts surrounding them, as well as the challenges faced with their implementation are expounded.



Internet intrusions: global characteristics and prevalence

A set of firewall logs collected over four months from over 1600 different networks world wide is analyzed, finding that at daily timescales, intrusion targets often depict significant spatial trends that blur patterns observed from individual "IP telescopes"; this underscores the necessity for a more global approach to intrusion detection.

The use of Honeynets to detect exploited systems across large enterprise networks

This work proposes that a Honeynet can be used to assist the system administrator in identifying malicious traffic within the enterprise network.

The Honeynet Project "Know Your Enemy: Honeynets"

  • 2003

The Honeynet Project "Know Your Enemy: Credit Card Fraud"

  • 10 July 2003

The Honeynet Project "Scan of the Month Challenge 28"

  • May 2003

The Honeynet Project "Scan of the Month 13"

  • 2001

Honeytokens: The Other Honeypot

  • 1713